enigmail

pool/enigmail

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Wolfgang Rosenauer	8a394036cf	Accepting request 616613 from home:AndreasStieger:branches:mozilla:Factory - enigmail 2.0.7: * CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email signatures could be spoofed via an embedded "--filename" parameter in OpenPGP literal data packets. This update prevents this issue from being exploited if GnuPG was not updated (boo#1096745) * CVE-2018-12019: The signature verification routine interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (boo#1097525) OBS-URL: https://build.opensuse.org/request/show/616613 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=57	2018-06-14 05:18:18 +00:00

Author

SHA256

Message

Date

Wolfgang Rosenauer

8a394036cf

Accepting request 616613 from home:AndreasStieger:branches:mozilla:Factory

- enigmail 2.0.7:
  * CVE-2018-12020: Mitigation against GnuPG signature spoofing:
    Email signatures could be spoofed via an embedded "--filename"
    parameter in OpenPGP literal data packets. This update prevents
    this issue from being exploited if GnuPG was not updated 
    (boo#1096745)
  * CVE-2018-12019: The signature verification routine interpreted
    User IDs as status/control messages and did not correctly keep
    track of the status of multiple signatures. This allowed remote
    attackers to spoof arbitrary email signatures via public keys
    containing crafted primary user ids (boo#1097525)

OBS-URL: https://build.opensuse.org/request/show/616613
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=57

2018-06-14 05:18:18 +00:00

1 Commits