This is apparently related to #641764 and #643490, but 1.9.9 is missing some fixes for the (now named, logo'd, FUDed and clickbaited) Efail class of vulnerabilities. Word on Twitter from the Enigmail developers: https://twitter.com/robertjhansen/status/995991538403545090 Upstream bug (this is the one not in 1.9.9): https://sourceforge.net/p/enigmail/bugs/721/ CVE for the general issue with OpenPGP-based software: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17688 Reproducible: Always
@maintainers, are you ready to stabilize new version? I've been using 2.0.2 without any issues for a while already at least.
(In reply to Kristian Fiskerstrand from comment #1) > @maintainers, are you ready to stabilize new version? I've been using 2.0.2 > without any issues for a while already at least. 2.0.2 is good to go stable.
Better go with 2.0.3 instead, as it fixes some crashes: https://www.enigmail.net/index.php/en/download/changelog#enig2.0.3
x86 stable
amd64 stable
Upstream has updated enigmail once again, see https://enigmail.net/index.php/en/download/changelog and https://sourceforge.net/p/enigmail/bugs/search/?q=status%3Afixed+%26%26+_fixed%3A2.0.4. Therefore we are restarting stabilization with =x11-plugins/enigmail-2.0.4
An automated check of this bug failed - the following atom is unknown: x11-plugins/enigmail-2.0.4 Please verify the atom list.
a newer version was already stabilized for all
Re-open for clean up. Michael Boyle Gentoo Security Padawan
2.0.8 is stable on ppc/ppc64. all arches stable
GLSA Vote: No
