[Pkg-mozext-maintainers] Bug#929363: enigmail: CVE-2019-12269

Salvatore Bonaccorso carnil at debian.org
Fri May 24 08:49:54 BST 2019


Source: enigmail
Source-Version: 2:2.0.11+ds1-1

On Wed, May 22, 2019 at 02:25:42PM +0200, Salvatore Bonaccorso wrote:
> Source: enigmail
> Version: 2:2.0.10+ds1-1
> Severity: important
> Tags: security upstream
> Forwarded: https://sourceforge.net/p/enigmail/bugs/983/
> 
> Hi,
> 
> The following vulnerability was published for enigmail.
> 
> CVE-2019-12269[0]:
> | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline
> | PGP message, an attacker can cause the product to display a "correctly
> | signed" message indication, but display different unauthenticated
> | text.

This issue was adressed 2.0.11 upstream, closing manually.

Regards,
Salvatore



More information about the Pkg-mozext-maintainers mailing list