UbuntuUpdates.org

Package "enigmail"

Name: enigmail

Description:

GPG support for Thunderbird and Debian Icedove

Latest version: 2:2.0.8-1~ubuntu0.14.04.2
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: https://www.enigmail.net/

Links


Download "enigmail"


Other versions of "enigmail" in Trusty

Repository Area Version
base universe 2:1.5.2-0ubuntu1
updates universe 2:2.0.8-1~ubuntu0.14.04.2
PPA: Ubuntu Mozilla Security 2:2.0.8-1~ubuntu0.14.04.2

Changelog

Version: 2:2.0.8-1~ubuntu0.14.04.2 2018-10-15 17:06:21 UTC

  enigmail (2:2.0.8-1~ubuntu0.14.04.2) trusty-security; urgency=medium

  * Backport 2.0.8 to trusty for Thunderbird 60.*
  * Revert the Debian changes to drop OpenPGP.js, as it requires a newer gnupg
    - update debian/control
    - remove debian/patches/remove-openpgpjs/0017-avoid-OpenPGP.js-when-building.patch
    - remove debian/patches/remove-openpgpjs/0018-copy-enums.armor-from-OpenPGP.js.patch
    - remove debian/patches/remove-openpgpjs/0019-avoid-OpenPGP.js-during-key-file-import.patch
    - remove debian/patches/remove-openpgpjs/0020-drop-use-of-OpenPGP.js-for-generating-minimal-keys.patch
    - add debian/patches/restore-openpgpjs.patch
    - update debian/patches/series
  * Relax debhelper requirement
    - update debian/control
    - update debian/compat
  * Use dh-autoreconf
    - update debian/control
    - update debian/rules

 -- Chris Coulson <email address hidden> Mon, 08 Oct 2018 18:10:33 +0100

Source diff to previous version

Version: 2:2.0.7-0ubuntu1~14.04.1 2018-06-14 19:06:42 UTC

  enigmail (2:2.0.7-0ubuntu1~14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Spoofing of Email signatures
    - CVE-2018-12019, CVE-2018-12020

  * Backport 2.0.7 to trusty
  * Relax debhelper requirement
    - update debian/control
    - update debian/compat

 -- Chris Coulson <email address hidden> Thu, 14 Jun 2018 13:29:27 +0100

Source diff to previous version
CVE-2018-12019 The signature verification routine in Enigmail before 2.0.7 interprets ...
CVE-2018-12020 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof

Version: 2:2.0.6-0ubuntu1~14.04.1 2018-05-29 23:06:22 UTC

  enigmail (2:2.0.6-0ubuntu1~14.04.1) trusty-security; urgency=medium

  * Backport 2.0.6 to trusty
  * Relax debhelper requirement
    - update debian/control
    - update debian/compat

 -- Chris Coulson <email address hidden> Tue, 29 May 2018 16:56:35 +0100

Source diff to previous version

Version: 2:2.0.3-0ubuntu2~14.04.1 2018-05-15 16:06:58 UTC

  enigmail (2:2.0.3-0ubuntu2~14.04.1) trusty-security; urgency=medium

  * Backport 2.0.3 to trusty
  * Relax debhelper requirement
    - update debian/control
    - update debian/compat

 -- Chris Coulson <email address hidden> Mon, 14 May 2018 23:48:06 +0100

Source diff to previous version

Version: 2:1.9.9-0ubuntu0.14.04.1 2018-01-22 20:06:18 UTC

  enigmail (2:1.9.9-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Update to 1.9.9 to fix multiple security issues
    - CVE-2017-17843, CVE-2017-17844, CVE-2017-17845, CVE-2017-17846,
      CVE-2017-17847, CVE-2017-17848

 -- Marc Deslauriers <email address hidden> Fri, 19 Jan 2018 10:38:43 -0500

CVE-2017-17843 An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorr
CVE-2017-17844 An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacke
CVE-2017-17845 An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp)
CVE-2017-17846 An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily
CVE-2017-17847 An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment s
CVE-2017-17848 An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages becau



About   -   Send Feedback to @ubuntu_updates