Package: enigmail Version: 2:2.1.3+ds1-4~deb10u2 Please clasify it as security problem for listed below reasons.
Attacker sends moderatelly-sized message e.g. 10 MB and signs it using enigmail, e.g. using the same version of thunderbird with enigmail. When recipient (the victim) using this version of enigmail on debian stable opens this message, then thunderbird will freeze for 40 seconds using 100% of 1 core of the CPU (on 4-core ~2.5 GHz amd64). This is a remote DoS on the thunderbird. When ever he selects the message, or opens any attachments on it, each time thunderbird freezes. Also each time it consumes vast amounts of RAM (e.g. 100 to 500 MB per action) of resident size. If this happens few times, or on already loaded machine, even computer with reasonable amount of free RAM and swap space, will start OOMing or will generally hang - which is a broader remote DoS. Already closing and restarting thunderbird seems to free the memory. Opening an email with 10 1-MB attachments that is signed using openpgp, can take for example 10-20 minutes, or can likely crash in middle of it. This also is a security degrade attack, it causes the user to refrain from usage of encryption, as it turns out popular email clients fail to handle it in reasonable manner.

