Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 656790 - <x11-plugins/enigmail-2.0.6: Incomplete fix for efail
Summary: <x11-plugins/enigmail-2.0.6: Incomplete fix for efail
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks: CVE-2017-17688
  Show dependency tree
 
Reported: 2018-05-28 18:55 UTC by Hanno Böck
Modified: 2018-11-23 21:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2018-05-28 18:55:56 UTC 
enigmail has published another security fix (2.0.6) that properly prevents displaying unencrypted HTML parts together with encrypted parts. This was already intended in 2.0.5, but didn't work completely. It was still possible to put HTML below an encrypted part, which allows redressing and social engineering attacks.

Please bump.

Upstream changelog:
https://enigmail.net/index.php/en/download/changelog
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2018-06-01 14:19:20 UTC 
You cannot expect any bump if you do not even CC the responsible team of this package.
Comment 2 Larry the Git Cow gentoo-dev 2018-06-01 14:20:47 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c423e0accff8ecf64926257e1eddc965c606a1a9

commit c423e0accff8ecf64926257e1eddc965c606a1a9
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-06-01 14:20:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-06-01 14:20:03 +0000

    x11-plugins/enigmail: Security bump to version 2.0.6
    
    Bug: https://bugs.gentoo.org/656790
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 x11-plugins/enigmail/Manifest              |  1 +
 x11-plugins/enigmail/enigmail-2.0.6.ebuild | 83 ++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-11-23 21:18:04 UTC 
GLSA Vote: No