[SECURITY] [DLA 1219-1] enigmail security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1219-1] enigmail security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Sat, 23 Dec 2017 12:35:08 +0100
Message-id: <[🔎] e64ce501-1394-a685-4366-69c021107319@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : enigmail
Version        : 2:1.9.9-1~deb7u1
CVE ID         : CVE-2017-17843 CVE-2017-17844 CVE-2017-17845 CVE-2017-17846 
                 CVE-2017-17847 CVE-2017-17848

Multiple vulnerabilities were discovered in Enigmail, an OpenPGP
extension for Thunderbird, which could result in a loss of
confidentiality, faked signatures, plain text leaks and denial of
service. Additional information can be found under
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.9.9-1~deb7u1.

We recommend that you upgrade your enigmail packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlo+P2wACgkQnUbEiOQ2
gwLvEA/9HEDdLgsPf5iTUdTVtKXyCm/coBHiWRKH3/rChlXofh55Q0vyxb8wrgAt
UBOeylQ3Ft+2d1HxbxVoIlrjR0Skzm5fyDIuSDno2BgyRqA6ArKovvSHC7UyZxJb
4vklXev7MvWDhiNs8CD6DYfb3wQm2BpL5ncIayPPZv3nnBe/LlH5M89QLEnv+lUz
s5WgzQ36lGot0OZC/9oOoKHYeryfibRrW+WpFStu5a1OfjZeK10lCCHjORKrE6Sa
24ccSiQ0mP6cNITfv+/aFeRaujDw88VY/e74mK51yYbYyA8Fi8wQhlOfE9kaoJDj
9kqK3OvuK40N4l2pHmVBvyuWqYnOXw4riodnzqh4hwT++8uhYbHXiwQGmThoACGH
gOrqKKwcch/YdgaT3P4DAb0QqinW2nFqREf2XUIX0uW5kVQ3lsNibif9+ZSQwgB8
qwLmsGM157sofLFcranXNmL9Vm3lIWU71VJV5zmiWR9/PzXfQSDlGFOgpo6A9Zvh
EsHrPm+maGPYN598I5j86BPC7d2xmxanDPrCwa3NSMcoDlBV7S9zzLeEO/zZRv+Z
De7N5o+NEqIew01jvbiOWjbrVKSlb5E4f3UpS0rfAX9gPPJWiM9AbYQCus3cJiFn
phGVErzofShK7JpTmmVcYWWWtlSXA4RnIGinUb0LtVgy1EgbpPw=
=zF6j
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1218-1] rsync security update
Next by Date: [SECURITY] [DLA 1217-1] irssi security update
Previous by thread: [SECURITY] [DLA 1218-1] rsync security update
Next by thread: [SECURITY] [DLA 1217-1] irssi security update
Index(es):
- Date
- Thread