Your message dated Thu, 14 Jun 2018 17:20:38 +0000
with message-id <e1ftvvk-0004ev...@fasolo.debian.org>
and subject line Bug#898630: fixed in enigmail 2:2.0.7-2
has caused the Debian Bug report #898630,
regarding enigmail: efail attack against enigmail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
898630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898630
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: enigmail
Severity: grave
Tags: security
Justification: user security hole

Hi Daniel,

in case you haven't already heard about it by now, a vulnerability has
been published against S/MIME and PGP/MIME in various email clients,
including thunderbird (and enigmail).

I'm unsure if CVE-2017-17688 (OpenPGP CFB gadget attacks) applies
to Thunderbird/enigmail or only GnuPG, but the PGP/MIME vulnerability
does apply to enigmail.

Some fixes apparently went in to enigmail 2.0.0 but I'm unsure which of
them yet, so any pointers appreciated (for example by closing with the
correct version number :).

I think we'll likely want to release a DSA too.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages enigmail depends on:
ii  gnupg                    2.2.5-1
ii  gpg-agent [gnupg-agent]  2.2.5-1
pn  thunderbird | icedove    <none>

Versions of packages enigmail recommends:
ii  pinentry-gnome3 [pinentry-x11]  1.1.0-1+b1
ii  pinentry-gtk2 [pinentry-x11]    1.1.0-1+b1

enigmail suggests no packages.

--- End Message ---
--- Begin Message ---
Source: enigmail
Source-Version: 2:2.0.7-2

We believe that the bug you reported is fixed in the latest version of
enigmail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 898...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated enigmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 Jun 2018 13:06:56 -0400
Source: enigmail
Binary: enigmail
Architecture: source
Version: 2:2.0.7-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers <pkg-mozext-maintain...@lists.alioth.debian.org>
Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Description:
 enigmail   - GPG support for Thunderbird and Debian Icedove
Closes: 888897 898630
Changes:
 enigmail (2:2.0.7-2) unstable; urgency=medium
 .
   * acknowledge accidental move to unstable (oops)
     (closes: #888897, #898630)
   * skip unit tests for now, since they cause build failures

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTTaP514aqS9uSbmdJsHx7ezFD6UwUCWyKhugAKCRBsHx7ezFD6
UxPiAP94Ke9WRB9ns45h8k/yxMeDFiqgpuBgXC5kPtBLAVUp+QD/QiN6ZosaJ0/X
mFjiFHtyXtcjmN8mRGLUVxe7Dwpv5wM=
=qG5D
-----END PGP SIGNATURE-----

--- End Message ---
