[Git][security-tracker-team/security-tracker][master] drop enigmail from dsa-needed

Moritz Muehlenhoff jmm at debian.org
Mon Sep 17 22:27:13 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5cb120f by Moritz Muehlenhoff at 2018-09-17T21:26:45Z
drop enigmail from dsa-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12673,6 +12673,7 @@ CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect acce
 CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filename ...)
 	{DSA-4224-1 DSA-4223-1 DSA-4222-1}
 	- enigmail 2:2.0.7-1
+	[stretch] - enigmail <ignored> (Package broken in stable, can be fixed along when updated for ESR60)
 	- gnupg2 2.2.8-1
 	- gnupg1 1.4.22-5 (bug #901088)
 	- gnupg <removed>
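Review bot: On the added "[stretch] - enigmail <ignored>" line under CVE-2018-12020, the state and the reason disagree: the entry is marked <ignored>, but the reason says the issue can still be fixed with the ESR60 update. If a stretch fix is planned, the reason should say so unambiguously. The wording could also be tidied, e.g. "(Package broken in stable, can be fixed along with the ESR60 update)".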
@@ -12684,6 +12685,7 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filenam
 	NOTE: https://neopg.io/blog/gpg-signature-spoof/
 CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 interprets ...)
 	- enigmail 2:2.0.7-1
+	[stretch] - enigmail <ignored> (Package broken in stable, can be fixed along when updated for ESR60)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
 	NOTE: https://neopg.io/blog/enigmail-signature-spoof/
 CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in Go ...)
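Review bot: The reason on the added line under CVE-2018-12019 says "Package broken in stable" without saying what is broken or where that is tracked. A bug reference in the style other entries in this file use, "(bug #NNNNNN)" with the real number, would let a later reader check when the condition no longer holds and the entry needs revisiting.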
@@ -40015,6 +40017,7 @@ CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ..
 	NOTE: protocol vulnerability can't be fixed in implementations but they can't prevent exploitation by disabling loading of remote content
 CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode ...)
 	- enigmail <unfixed> (bug #898630)
+	[stretch] - enigmail <ignored> (Package broken in stable, can be fixed along when updated for ESR60)
 	NOTE: vulnerability is in the clients handling, not in OpenPGP
 	NOTE: https://efail.de
 CVE-2017-17687
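Review bot: Under CVE-2017-17688 the line directly above the addition is "- enigmail <unfixed> (bug #898630)", so no fixed version is recorded for this issue, yet the new stretch line reuses the reason "can be fixed along when updated for ESR60". The two CVE-2018 entries list 2:2.0.7-1 as the fixed version, but nothing visible here shows that the ESR60 update would resolve this one. A reason specific to this CVE would be more accurate.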


=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ asterisk
 --
 ceph
 --
-enigmail
---
 gitlab
 --
 glusterfs
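Review bot: Removing "enigmail" from data/dsa-needed.txt leaves this file with no reminder for the stretch update that the new data/CVE/list reasons defer to the ESR60 update, so it is worth confirming that the update is tracked somewhere else. The commit message, "drop enigmail from dsa-needed", also does not mention that three CVE entries were marked <ignored> for stretch. Saying so would make the change easier to find from the log.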



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5cb120fc05dc0adee41b043654294dc3713b0e7
