[Git][security-tracker-team/security-tracker][master] Triage Enigmail for Jessie. It is end-of-life now.

Sat, 02 Feb 2019 04:38:47 -0800 

Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1208d16a by Markus Koschany at 2019-02-02T12:37:11Z
Triage Enigmail for Jessie. It is end-of-life now.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38053,6 +38053,7 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 
mishandles the original filenam
        {DSA-4224-1 DSA-4223-1 DSA-4222-1}
        - enigmail 2:2.0.7-1
        [stretch] - enigmail <ignored> (Package broken in stable, can be fixed 
along when updated for ESR60)
+       [jessie] - enigmail <end-of-life> (see 
https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
        - gnupg2 2.2.8-1
        - gnupg1 1.4.22-5 (bug #901088)
        - gnupg <removed>
@@ -38065,6 +38066,7 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 
mishandles the original filenam
 CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 
interprets ...)
        - enigmail 2:2.0.7-1
        [stretch] - enigmail <ignored> (Package broken in stable, can be fixed 
along when updated for ESR60)
+       [jessie] - enigmail <end-of-life> (see 
https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
        NOTE: https://neopg.io/blog/enigmail-signature-spoof/
 CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol 
implementation in Go ...)
@@ -65710,6 +65712,7 @@ CVE-2017-17689 (The S/MIME specification allows a 
Cipher Block Chaining (CBC) ..
 CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher 
Feedback Mode ...)
        - enigmail <unfixed> (bug #898630)
        [stretch] - enigmail <ignored> (Package broken in stable, can be fixed 
along when updated for ESR60)
+       [jessie] - enigmail <end-of-life> (see 
https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
        NOTE: vulnerability is in the clients handling, not in OpenPGP
        NOTE: https://efail.de
        NOTE: possibly https://sourceforge.net/p/enigmail/source/ci/f6c111 and 
https://sourceforge.net/p/enigmail/source/ci/d2a83a



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1208d16a83f62a07b4e65472575964aa6cc77fe8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1208d16a83f62a07b4e65472575964aa6cc77fe8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to