Accepting request 616613 from home:AndreasStieger:branches:mozilla:Factory
- enigmail 2.0.7:
* CVE-2018-12020: Mitigation against GnuPG signature spoofing:
Email signatures could be spoofed via an embedded "--filename"
parameter in OpenPGP literal data packets. This update prevents
this issue from being exploited if GnuPG was not updated
(boo#1096745)
* CVE-2018-12019: The signature verification routine interpreted
User IDs as status/control messages and did not correctly keep
track of the status of multiple signatures. This allowed remote
attackers to spoof arbitrary email signatures via public keys
containing crafted primary user ids (boo#1097525)
OBS-URL: https://build.opensuse.org/request/show/616613
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=57
This commit is contained in:
Wolfgang Rosenauer
Git OBS Bridge
parent
7ecdf66a59
commit
8a394036cf
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:11dd737065806ae6c07d8d556491cc49153a91daccc5b9801d60703d7c4a1baf
|
||||
size 2535278
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlsP02cACgkQ2xGHud1f
|
||||
aTtmtg//VgHFe+Ae4dAWcgX8D9MR171WigN+qDFm+BJVBeEZWkPhbdR7CBY2A5fK
|
||||
SfB4NqeLY3z9wkbsPKPcErTTuOYEexVDtPjG7vEy7cj37wNewwEZlrq8bkBkfx8f
|
||||
1CwAEGI7vvfb92s55tVziMYlj0rCZZg87Y4op+g5ZkR+zndSTedn22uEquqV/4as
|
||||
0Nj+Bu32308ZV2MuehBdmR8S1n688p5xLXAEhV4tNAwjBuF7cf/h1GYWsuiYe53L
|
||||
TcdHS8wRhdPUNnQCuwoPOkw267IgK1BjvJOoSNLS+b3Vyk53wX2g7Mf1itLzK6OC
|
||||
78eK0IL/+Q+aQeQQE6m6pFbFXdt3ez6ppN8D2aqAZ4KyvIsoNOGA/Agbh5sJ4Q75
|
||||
mEM5dxY41MZC69iWNb51cKWUETd6KCLTCBe5jJPJqVlPjItuMNvqxRKNpAzUrdBW
|
||||
VGJeGLAgYfSdc+O/1sPEOgik9bu3SThfY/atJtGJnm39k40CriVWPpFtkUuX0vip
|
||||
67yZZ5XgkDjSQGbe/xgbC4IbCLS8MwUHj/42BC4LDDGvmT/LQhnAKVkdpxh9uOWh
|
||||
O4z/o1M7h7aolvdprdgbMcZC6J7aOJ3DI8LGz633ztCBdwcaL1pwu5cGZzJPi0nb
|
||||
YIRoTT4ezGAJ2vHXLUVZZ8dmIPb6LpnHSifXJbPcD5Tu85uMCrQ=
|
||||
=kVBv
|
||||
-----END PGP SIGNATURE-----
|
||||
3
enigmail-2.0.7.tar.gz
Normal file
3
enigmail-2.0.7.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5752e6fe0fe2acbfd8f0417c5abe6cf2ec77b76970a71a333b5852b76fe354dd
|
||||
size 2537431
|
||||
16
enigmail-2.0.7.tar.gz.asc
Normal file
16
enigmail-2.0.7.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlsf8WsACgkQ2xGHud1f
|
||||
aTttzw/8DSxBUvkAeXJulK6ADcMmyK/jiJpn3xYbX6j24JL+dvorpP6mTCvI4cro
|
||||
6jELk6AenROy9kEJkXGjONqd2JlCL9nPZ3FLZH1DLden63AEmjol8gYo0+yNzeDI
|
||||
U0dF5InX/FyRtACmAqtghzBmqnhkJ9IbS6Q19a56m3kVylRh3OBb61/CmrK43AOr
|
||||
5J7caNE4VMcKh4tTCuauW4rvn4YZHvPOg3DBEkWh0LvA+2T6LoSugQNIdYz0ypSQ
|
||||
qvkLx2UJ3Y+L6OjMLM/V4dFvrcNZh66dUiPoFdJAP4lZzP0HZQNQw9RX1oADGnKu
|
||||
t08ODn+yj97chimbSIUTxLcmFud+6zkqLvCfr8FeEjOwITmJQwAL4sByr0cCoZV6
|
||||
vGp5oukyOLsjfLqjlp15wZSw2QGaTTJt16F4E76XlbOp4QGdeCedrDXeDkHLhzTk
|
||||
v3xvTkRUamraLnT+kRYadBIdPCShrDundokR3mX0jTiHAJOTUWxjVg7EQyBDjSUO
|
||||
tScYa/N5yRTNcaNwYVT6yGFpoUFVHAA1zD6r8fFJosJZu1g/qJgdp/PCwj9Ooci0
|
||||
u0gawzsXLG8nnZp72dCbt1CkpiRMMd3Rq+PiC/ARJt5seFi7wWFjr/nz3dBVrfPx
|
||||
2yJEghOcqbPnWHb6ESew51j20OYRGNggNIoIOG+QNWg0vc3lWXk=
|
||||
=4gP8
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,3 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 13 19:19:16 UTC 2018 - astieger@suse.com
|
||||
|
||||
- enigmail 2.0.7:
|
||||
* CVE-2018-12020: Mitigation against GnuPG signature spoofing:
|
||||
Email signatures could be spoofed via an embedded "--filename"
|
||||
parameter in OpenPGP literal data packets. This update prevents
|
||||
this issue from being exploited if GnuPG was not updated
|
||||
(boo#1096745)
|
||||
* CVE-2018-12019: The signature verification routine interpreted
|
||||
User IDs as status/control messages and did not correctly keep
|
||||
track of the status of multiple signatures. This allowed remote
|
||||
attackers to spoof arbitrary email signatures via public keys
|
||||
containing crafted primary user ids (boo#1097525)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 1 08:04:05 UTC 2018 - astieger@suse.com
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
|
||||
|
||||
Name: enigmail
|
||||
Version: 2.0.6.1
|
||||
Version: 2.0.7
|
||||
Release: 0
|
||||
Summary: OpenPGP addon for Thunderbird and SeaMonkey
|
||||
License: MPL-2.0
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user