Package: enigmail
Version: 2:0.94.2-1
Severity: important
Tags: security

From http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1264

"Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection."

In Debian this problem just occurs if the patch for gnupg is not installed. That's why I tagged it as "important" and not "critical".

Can you please update enigmail to version 0.94.3 (or backport the patch)?

Thanks!

Bye
Daniel

-- 
=========================================================
(gnu)PGP key signed by heise c't magazine available.
http://www.heise.de/security/dienste/pgp/
=========================================================
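An added example, not part of the original report and not Enigmail's or GnuPG's code: a front-end check over text read from GnuPG's `--status-fd` descriptor that refuses to present a message as uniformly signed when the run reported more than one plaintext component. The status keywords are GnuPG's; the function names, the classification policy and the sample status lines (key ID, timestamps, file names) are constructed for illustration, and the policy assumes an inline-signed message processed in a single gpg run.

```python
from collections import Counter

PREFIX = "[GNUPG:] "


def parse_status(status_stream: str) -> list[tuple[str, list[str]]]:
    """Split text read from the --status-fd descriptor into (keyword, args).

    Only the dedicated status descriptor may be passed in here, never the
    decrypted/verified message output.
    """
    events = []
    for line in status_stream.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                events.append((fields[0], fields[1:]))
    return events


def classify(status_stream: str) -> str:
    """Return 'bad', 'mixed', 'signed' or 'unsigned' for one gpg run."""
    counts = Counter(keyword for keyword, _ in parse_status(status_stream))
    if counts["BADSIG"] or counts["ERRSIG"]:
        return "bad"
    # More than one PLAINTEXT event means the output is a concatenation of
    # several components; a single GOODSIG cannot vouch for all of them.
    if counts["PLAINTEXT"] > 1:
        return "mixed"
    if counts["PLAINTEXT"] == 1 and counts["GOODSIG"] >= 1:
        return "signed"
    return "unsigned"


# Constructed sample status output (not captured from a real gpg run).
SINGLE = (
    "[GNUPG:] PLAINTEXT 62 1174000000 msg.txt\n"
    "[GNUPG:] PLAINTEXT_LENGTH 42\n"
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Constructed User <user@example.org>\n"
)
MULTI = "[GNUPG:] PLAINTEXT 62 1174000000 extra.txt\n" + SINGLE

if __name__ == "__main__":
    for name, stream in (("single", SINGLE), ("multi", MULTI)):
        print(name, "->", classify(stream))
```

A mail client using such a check would show the "signed" indicator only for the `signed` verdict and warn on `mixed` instead of rendering the combined text under one signature banner.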

