[Git][security-tracker-team/security-tracker][master] Triage Enigmail for Jessie. It is end-of-life now.
Markus Koschany
apo at debian.org
Sat Feb 2 12:37:42 GMT 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1208d16a by Markus Koschany at 2019-02-02T12:37:11Z
Triage Enigmail for Jessie. It is end-of-life now.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38053,6 +38053,7 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filenam
{DSA-4224-1 DSA-4223-1 DSA-4222-1}
- enigmail 2:2.0.7-1
[stretch] - enigmail <ignored> (Package broken in stable, can be fixed along when updated for ESR60)
+ [jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
- gnupg2 2.2.8-1
- gnupg1 1.4.22-5 (bug #901088)
- gnupg <removed>
@@ -38065,6 +38066,7 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filenam
CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 interprets ...)
- enigmail 2:2.0.7-1
[stretch] - enigmail <ignored> (Package broken in stable, can be fixed along when updated for ESR60)
+ [jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
NOTE: https://neopg.io/blog/enigmail-signature-spoof/
CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in Go ...)
@@ -65710,6 +65712,7 @@ CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ..
CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode ...)
- enigmail <unfixed> (bug #898630)
[stretch] - enigmail <ignored> (Package broken in stable, can be fixed along when updated for ESR60)
+ [jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
NOTE: vulnerability is in the clients handling, not in OpenPGP
NOTE: https://efail.de
NOTE: possibly https://sourceforge.net/p/enigmail/source/ci/f6c111 and https://sourceforge.net/p/enigmail/source/ci/d2a83a
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1208d16a83f62a07b4e65472575964aa6cc77fe8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1208d16a83f62a07b4e65472575964aa6cc77fe8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190202/392f6b93/attachment.html>
More information about the debian-security-tracker-commits
mailing list