From 8ca41116a86f698873a9f2235e1687af64af055348a802b614bdab21cf9b80a3 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Thu, 21 Dec 2017 13:47:14 +0000 Subject: [PATCH 1/2] Accepting request 558842 from home:thardeck:branches:mozilla - enigmail 1.9.9 * Addresses security vulnerabilities discovered by Cure53. OBS-URL: https://build.opensuse.org/request/show/558842 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=38 --- enigmail-1.9.8.3.tar.gz | 3 --- enigmail-1.9.8.3.tar.gz.asc | 16 ---------------- enigmail-1.9.9.tar.gz | 3 +++ enigmail-1.9.9.tar.gz.asc | 16 ++++++++++++++++ enigmail.changes | 6 ++++++ enigmail.spec | 2 +- 6 files changed, 26 insertions(+), 20 deletions(-) delete mode 100644 enigmail-1.9.8.3.tar.gz delete mode 100644 enigmail-1.9.8.3.tar.gz.asc create mode 100644 enigmail-1.9.9.tar.gz create mode 100644 enigmail-1.9.9.tar.gz.asc diff --git a/enigmail-1.9.8.3.tar.gz b/enigmail-1.9.8.3.tar.gz deleted file mode 100644 index 0825cd9..0000000 --- a/enigmail-1.9.8.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:53d6b29061058d81a76db51c73d3bfa92425530e92f92b940ba2eca6b3dbfc38 -size 1776756 diff --git a/enigmail-1.9.8.3.tar.gz.asc b/enigmail-1.9.8.3.tar.gz.asc deleted file mode 100644 index 414e6a9..0000000 --- a/enigmail-1.9.8.3.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlnRAYAACgkQ2xGHud1f -aTus4Q/9GHNlrDdcDegJ0Za3JfztG26D1WvT3Pmji+R5TgYuKUsG7GLDjXRMiflM -uHMJtms1jla9TqG9mr3yAfPgB5T9NCGKtiWl6i2XdkvQEnYxpiK8lahp5usU2dSZ -EMk9ZjqJ9S8oOD3wA4A8JVK33jahrUBE6NEkKBAVWhqFcpxcTqqzK2t//pH1D/PI -BWFUo1sMsgFL8G5puUQPj8dW5aIhYXJVGMJGXUdxsbZ3TzTOdCXMFTw4dxAqcara -KVh65H4wvzhD4e0ncXxG0Hc1aF7ALujVMN1jHwCUWInaqgQW+XuoTD8Si+NH1CD6 -WDXQrzUUV4O5CaLNkv3kSVqY37brMyk9A7hPn1s1l4f1Tpr7v4b6SxdwGDJg0dnO -QOwNnaIODWhJp0M0lY1E9tUR29kSPteAwRxDvUhZzNS3x/cR3qjX0AW5QN5OIwFD -W1X0Yu4RgN2NenU0XjER/4C8Va22cyCWrORAXudcn+g73ob7r6R41C9hSAiHYD0+ -s2upMOAXCfthnA+LcBmlhSP721oK22Ok/z6is9napdyOfmIRsvFIzA03PsWc1QOE -rwWCNW38JleTS9Bkg15YJJN8p+pDvKETF9xvle9KrUtSCiK5lCebcVlCiW3UGQz9 -1pqyL9BmHyXDWReQ7H55Ijcn7RGvbuhbsza0dc9A1DQSdRxwK90= -=knya ------END PGP SIGNATURE----- diff --git a/enigmail-1.9.9.tar.gz b/enigmail-1.9.9.tar.gz new file mode 100644 index 0000000..fc330d5 --- /dev/null +++ b/enigmail-1.9.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e6993acf8b8745dc787f3506888bf22317ddab3741912aac0bb659d1631758e3 +size 1787556 diff --git a/enigmail-1.9.9.tar.gz.asc b/enigmail-1.9.9.tar.gz.asc new file mode 100644 index 0000000..611dd57 --- /dev/null +++ b/enigmail-1.9.9.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlotP98ACgkQ2xGHud1f +aTsnLQ//TFMF8b/zcNrtR9vxvbHW4CTCp1u3sYYAxTVZY73BBbdeSH5XHYcTbDvX +KPCTJNwasGQX9r2W1jAwUbIseT6vK+9QihK2CAYjiO9HB+JEDdqTOlocxIzY3PC8 +F4Ot1HlrpSh5nLziLBpFQyLM8a3mty957oyQ/o1oVK91xZ3MvaMMy+dQESGd7Xfe +Yvtw/lEP9PbHqmL8zQCzmcFYEp4pyCadkTYpB7AZUZeDSHh4xxHeiXcZns2XQnft ++5zqTJJWD4NhFl2WsEl2f99FagQXA76sDxt6Baxa52gx9pKzAq6pKhtIZQpcmHL/ +1fbf+PbA35zUT/mSQ00/2OaIn/S/ZJRISDKBe2IuB1OVs8XdKJrqUcKy8RFZbudR +x8OSVcCY9CqHkkHpxok65qxpcFNxUaYHp45aoiHszj1goTKgw6BOzrxfKbwBuSsE +Suf+e1FJ14ArasKGCRZn/rZcK9waISqEMMvE7QwOXkwyGm5CyB+eHblDnc6GntN2 +ACqd2Crz8i76oFWKXopVSg/NJPo/BzVi8hzdiSop9Ya3JuQiPemp4vpG8UvYjx4D +DGRELR/YFjIgX4X49DKPUhV79kcX9JVMZXs1N8vEjyI50Ohp7NoeaEGCT4O3OnJ/ +y3txFu7AGDl6HtXtw8AGsBg5shrl0DzxK4kjleYy/LXE3eSkhrI= +=MbQB +-----END PGP SIGNATURE----- diff --git a/enigmail.changes b/enigmail.changes index fcaf47f..c5d3bdf 100644 --- a/enigmail.changes +++ b/enigmail.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Dec 20 14:13:36 UTC 2017 - thardeck@suse.com + +- enigmail 1.9.9 + * Addresses security vulnerabilities discovered by Cure53. + ------------------------------------------------------------------- Wed Oct 4 14:57:28 UTC 2017 - astieger@suse.com diff --git a/enigmail.spec b/enigmail.spec index be71cb7..736715c 100644 --- a/enigmail.spec +++ b/enigmail.spec @@ -18,7 +18,7 @@ Name: enigmail -Version: 1.9.8.3 +Version: 1.9.9 Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-2.0 From 20161db902350fbf3593f159a857206273bcbf1c999e85686c9f74178dc53aad Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Thu, 21 Dec 2017 14:09:33 +0000 Subject: [PATCH 2/2] Accepting request 559103 from home:AndreasStieger:branches:mozilla:Factory augment changelog OBS-URL: https://build.opensuse.org/request/show/559103 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=39 --- enigmail.changes | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/enigmail.changes b/enigmail.changes index c5d3bdf..fff98ec 100644 --- a/enigmail.changes +++ b/enigmail.changes @@ -1,8 +1,14 @@ ------------------------------------------------------------------- Wed Dec 20 14:13:36 UTC 2017 - thardeck@suse.com -- enigmail 1.9.9 - * Addresses security vulnerabilities discovered by Cure53. +- enigmail 1.9.9, fixing multiple vulnerabilities (boo#1073858): + * Enigmail could be coerced to use a malicious PGP public key + with a corresponding secret key controlled by an attacker + * Enigmail could have replayed encrypted content in partially + encrypted e-mails, allowing a plaintext leak + * Enigmail could be tricked into displaying incorrect signature + verification results + * Specially crafted content may cause denial of service ------------------------------------------------------------------- Wed Oct 4 14:57:28 UTC 2017 - astieger@suse.com