Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4070-1] enigmail security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4070-1] enigmail security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4070-1] enigmail security update
  • Date: Thu, 21 Dec 2017 20:33:18 +0100
  • List-archive: https://lists.debian.org/msgid-search/20171221193318.ni7cnpbfuj2cvn6o AT pisco.westfalen.local
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Thu, 21 Dec 2017 19:33:51 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <jTZxcwubjfC.A.PzB.eyAPaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4070-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 21, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : enigmail
CVE ID : not yet available

Multiple vulnerabilities were discovered in Enigmail, an OpenPGP
extension for Thunderbird, which could result in a loss of
confidentiality, faked signatures, plain text leaks and denial of
service. Additional information can be found under
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf

For the oldstable distribution (jessie), this problem has been fixed
in version 2:1.9.9-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 2:1.9.9-1~deb9u1.

We recommend that you upgrade your enigmail packages.

For the detailed security status of enigmail please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/enigmail

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlo8DDoACgkQEMKTtsN8
TjaU/w//QGpZp546SbzcrhM9uW2qRkXCXpiOCu279FZeFZLU7EMn5KLERc9kizKS
CUYR/vNBrn1a+A5Bv1PzroyZ3cr+3bECQjTXLj9scEPLI0s39LcxQ5Nc686jsBla
mNBCabhZABwrwLncwXpPptrAjow9Xi6NfMZSL9SvYRnBpfOK1k31QsVgc/keJp8O
KXtpkbg2WDFdAUsp1NQhI6sBNG1taydXRS2b8l+hvtfK6RWmVbRDFz3J3d1GNScr
wY7TlEoOjhX6DD2hYanYGHSZ7rDSiDThpeGdjry/XuG+hS4WssclONrMdYE7z3U1
MwlT6WhS6ScwUrEjzSpslQdDOHYE4blW7+F8/s9RjvH6C7LTUWt5TITW7KOaiOKD
sSJ4/chAtzPA5978AZjJ+T1ZynYlNPX9SLJOOHsOQmotk/GE8dtzLevVASxmTYk+
3Lnf0u4Gy8Mu1va4i6N6q0N7wTBjLZ4/gCwHAqhO69+M/dUtl0+mgh3MCrmf/+1U
fkjtPhaYg0RwdfYT39UknpFL2BPYiLFolIpKe1RaZ4WcSI7rgDi+rZNHHGoJ7XDg
7A/kmoqWkkEE3QgIrDZABluzbGqbLxS+KkShfEfuLxVxyWA4JKqGYN+exCqRAz3O
Kq6xoIc8vvurCRA+cgIXcEV2OsKALdEz8TQxRbAuWfOZKaIPhDs=
=ctoe
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4070-1] enigmail security update, Moritz Muehlenhoff, 21.12.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang