Debians sikkerhedsbulletin

DSA-889-1 enigmail -- programmeringsfejl

Rapporteret den:
8. nov 2005
Berørte pakker:
enigmail
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Debians fejlsporingssystem: Fejl 335731.
I Mitres CVE-ordbog: CVE-2005-3256.
CERTs noter om sårbarheder, bulletiner og hændelser: VU#805121.
Yderligere oplysninger:

Hadmut Danish har opdaget en fejl i enigmail, GPG-understøttelse til Mozilla MailNews og Mozilla Thunderbird. Fejlen kunne medføre kryptering af mail med den forkerte offentlige nøgle, hvorved der potentielt kunne afsløres følsomme oplysninger til andre.

Den gamle stabile distribution (woody) indeholder ikke enigmail-pakker.

I den stabile distribution (sarge) er dette problem rettet i version 0.91-4sarge2.

I den ustabile distribution (sid) er dette problem rettet i version 0.93-1.

Vi anbefaler at du opgraderer dine enigmail-pakker.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:
http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91-4sarge2.dsc
http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91-4sarge2.diff.gz
http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_alpha.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_amd64.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_arm.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_i386.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_ia64.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_hppa.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_m68k.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_mips.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_s390.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_sparc.deb
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.