8a394036cf
- enigmail 2.0.7:
* CVE-2018-12020: Mitigation against GnuPG signature spoofing:
Email signatures could be spoofed via an embedded "--filename"
parameter in OpenPGP literal data packets. This update prevents
this issue from being exploited if GnuPG was not updated
(boo#1096745)
* CVE-2018-12019: The signature verification routine interpreted
User IDs as status/control messages and did not correctly keep
track of the status of multiple signatures. This allowed remote
attackers to spoof arbitrary email signatures via public keys
containing crafted primary user ids (boo#1097525)
OBS-URL: https://build.opensuse.org/request/show/616613
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=57
|
||
|---|---|---|
| .gitattributes | ||
| .gitignore | ||
| enigmail-2.0.7.tar.gz | ||
| enigmail-2.0.7.tar.gz.asc | ||
| enigmail.changes | ||
| enigmail.keyring | ||
| enigmail.spec | ||