From 8a394036cff1fa6437f2bc9d81431698ce7bea25897ba4b9ddd3b046590f9471 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Thu, 14 Jun 2018 05:18:18 +0000
Subject: [PATCH] Accepting request 616613 from home:AndreasStieger:branches:mozilla:Factory

- enigmail 2.0.7: * CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email signatures could be spoofed via an embedded "--filename" parameter in OpenPGP literal data packets. This update prevents this issue from being exploited if GnuPG was not updated (boo#1096745) * CVE-2018-12019: The signature verification routine interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (boo#1097525)
OBS-URL: https://build.opensuse.org/request/show/616613
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=57
---
 enigmail-2.0.6.1.tar.gz | 3 ---
 enigmail-2.0.6.1.tar.gz.asc | 16 ----------------
 enigmail-2.0.7.tar.gz | 3 +++
 enigmail-2.0.7.tar.gz.asc | 16 ++++++++++++++++
 enigmail.changes | 15 +++++++++++++++
 enigmail.spec | 2 +-
 6 files changed, 35 insertions(+), 20 deletions(-)
 delete mode 100644 enigmail-2.0.6.1.tar.gz
 delete mode 100644 enigmail-2.0.6.1.tar.gz.asc
 create mode 100644 enigmail-2.0.7.tar.gz
 create mode 100644 enigmail-2.0.7.tar.gz.asc

diff --git a/enigmail-2.0.6.1.tar.gz b/enigmail-2.0.6.1.tar.gz
deleted file mode 100644
index b15a4ab..0000000
--- a/enigmail-2.0.6.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:11dd737065806ae6c07d8d556491cc49153a91daccc5b9801d60703d7c4a1baf
-size 2535278
diff --git a/enigmail-2.0.6.1.tar.gz.asc b/enigmail-2.0.6.1.tar.gz.asc
deleted file mode 100644
index 22597b4..0000000
--- a/enigmail-2.0.6.1.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlsP02cACgkQ2xGHud1f
-aTtmtg//VgHFe+Ae4dAWcgX8D9MR171WigN+qDFm+BJVBeEZWkPhbdR7CBY2A5fK
-SfB4NqeLY3z9wkbsPKPcErTTuOYEexVDtPjG7vEy7cj37wNewwEZlrq8bkBkfx8f
-1CwAEGI7vvfb92s55tVziMYlj0rCZZg87Y4op+g5ZkR+zndSTedn22uEquqV/4as
-0Nj+Bu32308ZV2MuehBdmR8S1n688p5xLXAEhV4tNAwjBuF7cf/h1GYWsuiYe53L
-TcdHS8wRhdPUNnQCuwoPOkw267IgK1BjvJOoSNLS+b3Vyk53wX2g7Mf1itLzK6OC
-78eK0IL/+Q+aQeQQE6m6pFbFXdt3ez6ppN8D2aqAZ4KyvIsoNOGA/Agbh5sJ4Q75
-mEM5dxY41MZC69iWNb51cKWUETd6KCLTCBe5jJPJqVlPjItuMNvqxRKNpAzUrdBW
-VGJeGLAgYfSdc+O/1sPEOgik9bu3SThfY/atJtGJnm39k40CriVWPpFtkUuX0vip
-67yZZ5XgkDjSQGbe/xgbC4IbCLS8MwUHj/42BC4LDDGvmT/LQhnAKVkdpxh9uOWh
-O4z/o1M7h7aolvdprdgbMcZC6J7aOJ3DI8LGz633ztCBdwcaL1pwu5cGZzJPi0nb
-YIRoTT4ezGAJ2vHXLUVZZ8dmIPb6LpnHSifXJbPcD5Tu85uMCrQ=
-=kVBv
------END PGP SIGNATURE-----
diff --git a/enigmail-2.0.7.tar.gz b/enigmail-2.0.7.tar.gz
new file mode 100644
index 0000000..6066de3
--- /dev/null
+++ b/enigmail-2.0.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5752e6fe0fe2acbfd8f0417c5abe6cf2ec77b76970a71a333b5852b76fe354dd
+size 2537431
diff --git a/enigmail-2.0.7.tar.gz.asc b/enigmail-2.0.7.tar.gz.asc
new file mode 100644
index 0000000..1a6164f
--- /dev/null
+++ b/enigmail-2.0.7.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlsf8WsACgkQ2xGHud1f
+aTttzw/8DSxBUvkAeXJulK6ADcMmyK/jiJpn3xYbX6j24JL+dvorpP6mTCvI4cro
+6jELk6AenROy9kEJkXGjONqd2JlCL9nPZ3FLZH1DLden63AEmjol8gYo0+yNzeDI
+U0dF5InX/FyRtACmAqtghzBmqnhkJ9IbS6Q19a56m3kVylRh3OBb61/CmrK43AOr
+5J7caNE4VMcKh4tTCuauW4rvn4YZHvPOg3DBEkWh0LvA+2T6LoSugQNIdYz0ypSQ
+qvkLx2UJ3Y+L6OjMLM/V4dFvrcNZh66dUiPoFdJAP4lZzP0HZQNQw9RX1oADGnKu
+t08ODn+yj97chimbSIUTxLcmFud+6zkqLvCfr8FeEjOwITmJQwAL4sByr0cCoZV6
+vGp5oukyOLsjfLqjlp15wZSw2QGaTTJt16F4E76XlbOp4QGdeCedrDXeDkHLhzTk
+v3xvTkRUamraLnT+kRYadBIdPCShrDundokR3mX0jTiHAJOTUWxjVg7EQyBDjSUO
+tScYa/N5yRTNcaNwYVT6yGFpoUFVHAA1zD6r8fFJosJZu1g/qJgdp/PCwj9Ooci0
+u0gawzsXLG8nnZp72dCbt1CkpiRMMd3Rq+PiC/ARJt5seFi7wWFjr/nz3dBVrfPx
+2yJEghOcqbPnWHb6ESew51j20OYRGNggNIoIOG+QNWg0vc3lWXk=
+=4gP8
+-----END PGP SIGNATURE-----
diff --git a/enigmail.changes b/enigmail.changes
index 8e8626f..b666cdc 100644
--- a/enigmail.changes
+++ b/enigmail.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Jun 13 19:19:16 UTC 2018 - astieger@suse.com
+
+- enigmail 2.0.7:
+ * CVE-2018-12020: Mitigation against GnuPG signature spoofing:
+ Email signatures could be spoofed via an embedded "--filename"
+ parameter in OpenPGP literal data packets. This update prevents
+ this issue from being exploited if GnuPG was not updated
+ (boo#1096745)
+ * CVE-2018-12019: The signature verification routine interpreted
+ User IDs as status/control messages and did not correctly keep
+ track of the status of multiple signatures. This allowed remote
+ attackers to spoof arbitrary email signatures via public keys
+ containing crafted primary user ids (boo#1097525)
+
 -------------------------------------------------------------------
 Fri Jun 1 08:04:05 UTC 2018 - astieger@suse.com
diff --git a/enigmail.spec b/enigmail.spec
index fb8243f..a9ffe7c 100644
--- a/enigmail.spec
+++ b/enigmail.spec
@@ -18,7 +18,7 @@ Name: enigmail -Version: 2.0.6.1 +Version: 2.0.7 Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-2.0