Package: icedove Version: 17.0-1 Severity: important Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
1) Install stable iceweasel and enigmail. 2) Update to newest iceweasel from stable-security 3) Iceweasel silently skipping enigmail signing/encryption This is *not* a duplicate of bug#746348, as the issue here is not one of needing to restart the application after upgrading packages, but instead is one of package dependencies needing tightening. Older enigmail does not work with newer icedove. Older enigmail had no crystalball so could not protect against this. Or arguably it could've blindly assumed to require same major version, but that's too late now. Newer enigmail does what it can: depends versioned on icedove. That does not help against lack of upgrading it, however - which can happen e.g. with bug#747532. Only safe approach I can see possible now, is for icedove to declare that it breaks older enigmail. I believe that fix needs to urgently go to stable-updates. - Jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJTbTHbXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3NjQ4ODQwMTIyRTJDNTBFQzUxRDQwRTI0 RUMxQjcyMjM3NEY5QkQ2AAoJEE7BtyI3T5vWfxkIALdHIb0iINmVH/lgCt40ACI1 6+G9+KpeuZyeHBwe9ptv0H3DMbxvG11E/vD+Edp7YHRY0T9KzvkHcZBHegprIB2e sELqR/8HNvS0a6WFhrbsGEdUfJ6CZzmRzAXAmMqsIG+TQzTGenMuZQV7d0ZodJXb mwAzWYlmKpK/aNgjdYMdvL2onuZKDBAB9tYXgf0CzCYqmQjBtYbVfAM4s4uUb60w usMQ1FBUUNeyhAFklCVsM0Xd0zLSsVdTSmUPMUP0bkwPwbR2QaJXmRzkEAQ184GL R6nHvPlVlw9ocv5QBFTGN1kJI1nRCYAkbB/EmLZL8rlO8kfm3Ri2oOwsfOm1IwI= =JI9R -----END PGP SIGNATURE----- _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
