diff --git a/enigmail-2.0.6.1.tar.gz b/enigmail-2.0.6.1.tar.gz deleted file mode 100644 index b15a4ab..0000000 --- a/enigmail-2.0.6.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:11dd737065806ae6c07d8d556491cc49153a91daccc5b9801d60703d7c4a1baf -size 2535278 diff --git a/enigmail-2.0.6.1.tar.gz.asc b/enigmail-2.0.6.1.tar.gz.asc deleted file mode 100644 index 22597b4..0000000 --- a/enigmail-2.0.6.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlsP02cACgkQ2xGHud1f -aTtmtg//VgHFe+Ae4dAWcgX8D9MR171WigN+qDFm+BJVBeEZWkPhbdR7CBY2A5fK -SfB4NqeLY3z9wkbsPKPcErTTuOYEexVDtPjG7vEy7cj37wNewwEZlrq8bkBkfx8f -1CwAEGI7vvfb92s55tVziMYlj0rCZZg87Y4op+g5ZkR+zndSTedn22uEquqV/4as -0Nj+Bu32308ZV2MuehBdmR8S1n688p5xLXAEhV4tNAwjBuF7cf/h1GYWsuiYe53L -TcdHS8wRhdPUNnQCuwoPOkw267IgK1BjvJOoSNLS+b3Vyk53wX2g7Mf1itLzK6OC -78eK0IL/+Q+aQeQQE6m6pFbFXdt3ez6ppN8D2aqAZ4KyvIsoNOGA/Agbh5sJ4Q75 -mEM5dxY41MZC69iWNb51cKWUETd6KCLTCBe5jJPJqVlPjItuMNvqxRKNpAzUrdBW -VGJeGLAgYfSdc+O/1sPEOgik9bu3SThfY/atJtGJnm39k40CriVWPpFtkUuX0vip -67yZZ5XgkDjSQGbe/xgbC4IbCLS8MwUHj/42BC4LDDGvmT/LQhnAKVkdpxh9uOWh -O4z/o1M7h7aolvdprdgbMcZC6J7aOJ3DI8LGz633ztCBdwcaL1pwu5cGZzJPi0nb -YIRoTT4ezGAJ2vHXLUVZZ8dmIPb6LpnHSifXJbPcD5Tu85uMCrQ= -=kVBv ------END PGP SIGNATURE----- diff --git a/enigmail-2.0.7.tar.gz b/enigmail-2.0.7.tar.gz new file mode 100644 index 0000000..6066de3 --- /dev/null +++ b/enigmail-2.0.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5752e6fe0fe2acbfd8f0417c5abe6cf2ec77b76970a71a333b5852b76fe354dd +size 2537431 diff --git a/enigmail-2.0.7.tar.gz.asc b/enigmail-2.0.7.tar.gz.asc new file mode 100644 index 0000000..1a6164f --- /dev/null +++ b/enigmail-2.0.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlsf8WsACgkQ2xGHud1f +aTttzw/8DSxBUvkAeXJulK6ADcMmyK/jiJpn3xYbX6j24JL+dvorpP6mTCvI4cro +6jELk6AenROy9kEJkXGjONqd2JlCL9nPZ3FLZH1DLden63AEmjol8gYo0+yNzeDI +U0dF5InX/FyRtACmAqtghzBmqnhkJ9IbS6Q19a56m3kVylRh3OBb61/CmrK43AOr +5J7caNE4VMcKh4tTCuauW4rvn4YZHvPOg3DBEkWh0LvA+2T6LoSugQNIdYz0ypSQ +qvkLx2UJ3Y+L6OjMLM/V4dFvrcNZh66dUiPoFdJAP4lZzP0HZQNQw9RX1oADGnKu +t08ODn+yj97chimbSIUTxLcmFud+6zkqLvCfr8FeEjOwITmJQwAL4sByr0cCoZV6 +vGp5oukyOLsjfLqjlp15wZSw2QGaTTJt16F4E76XlbOp4QGdeCedrDXeDkHLhzTk +v3xvTkRUamraLnT+kRYadBIdPCShrDundokR3mX0jTiHAJOTUWxjVg7EQyBDjSUO +tScYa/N5yRTNcaNwYVT6yGFpoUFVHAA1zD6r8fFJosJZu1g/qJgdp/PCwj9Ooci0 +u0gawzsXLG8nnZp72dCbt1CkpiRMMd3Rq+PiC/ARJt5seFi7wWFjr/nz3dBVrfPx +2yJEghOcqbPnWHb6ESew51j20OYRGNggNIoIOG+QNWg0vc3lWXk= +=4gP8 +-----END PGP SIGNATURE----- diff --git a/enigmail.changes b/enigmail.changes index 8e8626f..b666cdc 100644 --- a/enigmail.changes +++ b/enigmail.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Wed Jun 13 19:19:16 UTC 2018 - astieger@suse.com + +- enigmail 2.0.7: + * CVE-2018-12020: Mitigation against GnuPG signature spoofing: + Email signatures could be spoofed via an embedded "--filename" + parameter in OpenPGP literal data packets. This update prevents + this issue from being exploited if GnuPG was not updated + (boo#1096745) + * CVE-2018-12019: The signature verification routine interpreted + User IDs as status/control messages and did not correctly keep + track of the status of multiple signatures. This allowed remote + attackers to spoof arbitrary email signatures via public keys + containing crafted primary user ids (boo#1097525) + ------------------------------------------------------------------- Fri Jun 1 08:04:05 UTC 2018 - astieger@suse.com diff --git a/enigmail.spec b/enigmail.spec index fb8243f..a9ffe7c 100644 --- a/enigmail.spec +++ b/enigmail.spec @@ -18,7 +18,7 @@ Name: enigmail -Version: 2.0.6.1 +Version: 2.0.7 Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-2.0