Your message dated Wed, 2 Sep 2015 16:35:07 +0800
with message-id <55e6b4bb.4070...@rolf.leggewie.biz>
and subject line 0.94 is long gone
has caused the Debian Bug report #415225,
regarding security issue in enigmail package <0.94.3 (CVE-2007-1264)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
415225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: enigmail
Version: 2:0.94.2-1
Severity: important
Tags: security

From
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1264
"Enigmail 0.94.2 and earlier does not properly use the --status-fd
argument when invoking GnuPG, which prevents Enigmail from visually
distinguishing between signed and unsigned portions of OpenPGP messages
with multiple components, which allows remote attackers to forge the
contents of a message without detection."

In Debian this problem only occurs if the patch for gnupg is not
installed. That's why I tagged it as "important" and not "critical".

Can you please update enigmail to version 0.94.3 (or backport the patch)?

Thanks!

Bye

        Daniel


- --
=========================================================
(gnu)PGP key signed by heise c't magazine available.
http://www.heise.de/security/dienste/pgp/
=========================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.3 (GNU/Linux)

iD8DBQFF+7P3F7lQkYolXTIRAkZEAKDHm0aZy4MuS+dc0ddIppc+GqGvUgCgwXXQ
4f8/DvFZl1WeWod9jR1qPms=
=fIbu
-----END PGP SIGNATURE-----


--- End Message ---
--- Begin Message ---
oldest maintained version in Debian is 1.0.1-5 in unstable

closing

--- End Message ---
_______________________________________________
Pkg-mozext-maintainers mailing list
Pkg-mozext-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
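
The CVE text quoted in the report turns on how a mail front end reads GnuPG's --status-fd output. The Python below is an added example, not code from the bug report, Enigmail or GnuPG: it parses constructed status streams and labels a message "signed" only when exactly one plaintext part is covered by one valid signature. The labelling policy, the key ID, the fingerprint and the sample lines are assumptions made for illustration.

```python
# Added example: decide how to label a message from GnuPG --status-fd output.
# All sample streams, the key ID and the fingerprint are constructed.
PREFIX = "[GNUPG:] "
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def parse_status(text):
    """Return (keyword, args) pairs for each status line."""
    events = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events

def classify(text):
    """Assumed policy: 'signed' only when one plaintext part has one valid signature."""
    keywords = [kw for kw, _ in parse_status(text)]
    if REJECT.intersection(keywords):
        return "bad-signature"
    good = keywords.count("GOODSIG")
    if good == 0:
        return "unsigned"
    if good == 1 and keywords.count("VALIDSIG") == 1 and keywords.count("PLAINTEXT") == 1:
        return "signed"
    return "ambiguous"  # several parts: do not show the whole message as signed

KEY = "0123456789ABCDEF"  # constructed key ID
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
SIG = (f"[GNUPG:] GOODSIG {KEY} Example Signer <signer@example.org>\n"
       f"[GNUPG:] VALIDSIG {FPR} 2007-03-17 1174089600\n")
PLAIN = "[GNUPG:] PLAINTEXT 62 1174089600 \n"

SIGNED = PLAIN + SIG
MIXED = PLAIN + PLAIN + SIG  # two plaintext parts, one signature
UNSIGNED = PLAIN
BAD = PLAIN + f"[GNUPG:] BADSIG {KEY} Example Signer <signer@example.org>\n"

if __name__ == "__main__":
    for name, stream in [("signed", SIGNED), ("mixed", MIXED),
                         ("unsigned", UNSIGNED), ("bad", BAD)]:
        print(name, "->", classify(stream))
```

The status stream has to be read from the dedicated descriptor passed to --status-fd rather than from stdout, because message text written to stdout can itself contain lines that look like status lines.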