[Pkg-mozext-maintainers] Bug#898630: enigmail: efail attack against enigmail
Carsten Schoenert
c.schoenert at t-online.de
Sat May 19 20:59:58 BST 2018
Hello Daniel,
On Wed, May 16, 2018 at 01:47:45PM +0200, Carsten Schoenert wrote:
> I guess the "only" problem with enigmail is the recent package version
> isn't available in unstable/testing. The main issue of Efail in Enigmail
> is fixed since Enigmail 2.0.0
>
> https://sourceforge.net/p/enigmail/forum/announce/thread/527a26fc/
while MiniDebConf in Hamburg I was playing around with the current
enigmail package from experimental with Thunderbird 52.7.0 and also with
52.8.0. It works well so far and I haven't found any issues. I think
it's save to do a upload of Enigmail 2.0.4 also to unstable.
Moritz also mentioned that we should not fall into the same trap as by
introducing Thunderbird ESR52 months ago and be prepared by getting
Enigmail into the security releases before we start to introduce the
Thunderbird 60 packages into stable-security. I think there is a low
risk as I can't see a real problem with Enigmail on TB 52.x, also other
participants of the MiniDebConf have not seen problems regarding to
Enigmail 2.x with Thunderbird 52.x.
--
Regards
Carsten Schoenert
More information about the Pkg-mozext-maintainers
mailing list