Bug 23140

Summary: thunderbird-enigmail should be updated in the next Thunderbird update
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Florian Hubold <doktor5000>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, lists.jjorge, marja11, mhrambo3501, nicolas.salguero
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: thunderbird CVE:
Status comment:
Bug Depends on: 23277    
Bug Blocks:    

Description David Walser 2018-06-07 22:44:09 CEST 
Fedora has issued an advisory on June 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MSDVIS7ZF7QYW2ZQIWHAYRICTD5P36LC/

Enigmail 2.0.6 has more EFAIL fixes.  We have 2.0.5 currently.
Comment 1 David Walser 2018-06-07 23:08:24 CEST 
Advisory from openSUSE on May 28 with more detail on the issue fixed:
https://lists.opensuse.org/opensuse-updates/2018-05/msg00133.html
Comment 2 Marja Van Waes 2018-06-08 21:27:05 CEST 
Assigning to the registered maintainer, CC'ing some recent committers/pushers

Assignee: bugsquad => doktor5000
CC: (none) => geiger.david68210, lists.jjorge, marja11, mrambo, nicolas.salguero

Comment 3 David Walser 2018-06-17 01:33:55 CEST 
Enigmail 2.0.6.1 fixes CVE-2018-12019:
https://neopg.io/blog/enigmail-signature-spoof/
http://openwall.com/lists/oss-security/2018/06/13/10
Comment 5 David Walser 2018-06-18 22:45:18 CEST 
Advisory from openSUSE on June 15 with the latest fixes:
https://lists.opensuse.org/opensuse-updates/2018-06/msg00094.html
David Walser 2018-07-04 00:40:01 CEST

Depends on: (none) => 23277

Comment 6 David Walser 2018-07-24 04:33:50 CEST 
Fixed in:
https://advisories.mageia.org/MGASA-2018-0316.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED