Accepting request 559103 from home:AndreasStieger:branches:mozilla:Factory

augment changelog OBS-URL: https://build.opensuse.org/request/show/559103 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=39
2017-12-21 14:09:33 +00:00 · 2017-12-21 14:09:33 +00:00 · 20161db902
commit 20161db902
parent 8ca41116a8
1 changed files with 8 additions and 2 deletions
--- a/enigmail.changes
+++ b/enigmail.changes
@ -1,8 +1,14 @@
 -------------------------------------------------------------------
 Wed Dec 20 14:13:36 UTC 2017 - thardeck@suse.com

- enigmail 1.9.9
-  * Addresses security vulnerabilities discovered by Cure53. 
+- enigmail 1.9.9, fixing multiple vulnerabilities (boo#1073858):
+  * Enigmail could be coerced to use a malicious PGP public key
+    with a corresponding secret key controlled by an attacker
+  * Enigmail could have replayed encrypted content in partially
+    encrypted e-mails, allowing a plaintext leak
+  * Enigmail could be tricked into displaying incorrect signature
+    verification results
+  * Specially crafted content may cause denial of service

 -------------------------------------------------------------------
 Wed Oct  4 14:57:28 UTC 2017 - astieger@suse.com