rpm/enigmail
SHA256
1
0
Fork 0
forked from pool/enigmail
Code Pull Requests Activity
69c19d865d
enigmail/enigmail-2.0.7.tar.gz.asc
Wolfgang Rosenauer 8a394036cf Accepting request 616613 from home:AndreasStieger:branches:mozilla:Factory 
- enigmail 2.0.7:
  * CVE-2018-12020: Mitigation against GnuPG signature spoofing:
    Email signatures could be spoofed via an embedded "--filename"
    parameter in OpenPGP literal data packets. This update prevents
    this issue from being exploited if GnuPG was not updated 
    (boo#1096745)
  * CVE-2018-12019: The signature verification routine interpreted
    User IDs as status/control messages and did not correctly keep
    track of the status of multiple signatures. This allowed remote
    attackers to spoof arbitrary email signatures via public keys
    containing crafted primary user ids (boo#1097525)

OBS-URL: https://build.opensuse.org/request/show/616613
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/enigmail?expand=0&rev=57
2018-06-14 05:18:18 +00:00

17 lines
833 B
Plaintext
Raw Blame History

-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEET5+J9VBawdGiYGMc2xGHud1faTsFAlsf8WsACgkQ2xGHud1f
aTttzw/8DSxBUvkAeXJulK6ADcMmyK/jiJpn3xYbX6j24JL+dvorpP6mTCvI4cro
6jELk6AenROy9kEJkXGjONqd2JlCL9nPZ3FLZH1DLden63AEmjol8gYo0+yNzeDI
U0dF5InX/FyRtACmAqtghzBmqnhkJ9IbS6Q19a56m3kVylRh3OBb61/CmrK43AOr
5J7caNE4VMcKh4tTCuauW4rvn4YZHvPOg3DBEkWh0LvA+2T6LoSugQNIdYz0ypSQ
qvkLx2UJ3Y+L6OjMLM/V4dFvrcNZh66dUiPoFdJAP4lZzP0HZQNQw9RX1oADGnKu
t08ODn+yj97chimbSIUTxLcmFud+6zkqLvCfr8FeEjOwITmJQwAL4sByr0cCoZV6
vGp5oukyOLsjfLqjlp15wZSw2QGaTTJt16F4E76XlbOp4QGdeCedrDXeDkHLhzTk
v3xvTkRUamraLnT+kRYadBIdPCShrDundokR3mX0jTiHAJOTUWxjVg7EQyBDjSUO
tScYa/N5yRTNcaNwYVT6yGFpoUFVHAA1zD6r8fFJosJZu1g/qJgdp/PCwj9Ooci0
u0gawzsXLG8nnZp72dCbt1CkpiRMMd3Rq+PiC/ARJt5seFi7wWFjr/nz3dBVrfPx
2yJEghOcqbPnWHb6ESew51j20OYRGNggNIoIOG+QNWg0vc3lWXk=
=4gP8
-----END PGP SIGNATURE-----
View Git Blame Copy Permalink