Debians sikkerhedsbulletin
DSA-889-1 enigmail -- programmeringsfejl
- Rapporteret den:
- 8. nov 2005
- Berørte pakker:
- enigmail
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Debians fejlsporingssystem: Fejl 335731.
I Mitres CVE-ordbog: CVE-2005-3256.
CERTs noter om sårbarheder, bulletiner og hændelser: VU#805121. - Yderligere oplysninger:
-
Hadmut Danish har opdaget en fejl i enigmail, GPG-understøttelse til Mozilla MailNews og Mozilla Thunderbird. Fejlen kunne medføre kryptering af mail med den forkerte offentlige nøgle, hvorved der potentielt kunne afsløres følsomme oplysninger til andre.
Den gamle stabile distribution (woody) indeholder ikke enigmail-pakker.
I den stabile distribution (sarge) er dette problem rettet i version 0.91-4sarge2.
I den ustabile distribution (sid) er dette problem rettet i version 0.93-1.
Vi anbefaler at du opgraderer dine enigmail-pakker.
- Rettet i:
-
Debian GNU/Linux 3.1 (sarge)
- Kildekode:
- http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91-4sarge2.dsc
- http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91-4sarge2.diff.gz
- http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91-4sarge2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_arm.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_arm.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_i386.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_i386.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_mips.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mips.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_s390.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_s390.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.