[Pkg-mozext-maintainers] Bug#929363: enigmail: CVE-2019-12269
Salvatore Bonaccorso
carnil at debian.org
Fri May 24 08:49:54 BST 2019
Source: enigmail
Source-Version: 2:2.0.11+ds1-1
On Wed, May 22, 2019 at 02:25:42PM +0200, Salvatore Bonaccorso wrote:
> Source: enigmail
> Version: 2:2.0.10+ds1-1
> Severity: important
> Tags: security upstream
> Forwarded: https://sourceforge.net/p/enigmail/bugs/983/
>
> Hi,
>
> The following vulnerability was published for enigmail.
>
> CVE-2019-12269[0]:
> | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline
> | PGP message, an attacker can cause the product to display a "correctly
> | signed" message indication, but display different unauthenticated
> | text.
This issue was adressed 2.0.11 upstream, closing manually.
Regards,
Salvatore
More information about the Pkg-mozext-maintainers
mailing list