Enigmail 2.0.5 provides better protection against efail: https://sourceforge.net/p/enigmail/forum/announce/thread/2905e54a/ It will reject unusual combinations of multipart messages, particularly it prevents one from putting HTML in front of an encrypted part in the same renderer, which kills a lot of the remaining efail scenarios. Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8e9943cf9db1a016678ccc3e32a6af31aa7fc34 commit c8e9943cf9db1a016678ccc3e32a6af31aa7fc34 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-05-22 08:20:47 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-05-22 08:20:47 +0000 x11-plugins/enigmail: Security bump to version 2.0.5 Bug: https://bugs.gentoo.org/656258 Package-Manager: Portage-2.3.38, Repoman-2.3.9 x11-plugins/enigmail/Manifest | 1 + x11-plugins/enigmail/enigmail-2.0.5.ebuild | 83 ++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82e61dc60f310e372b6a0b32f2b63377e7cf7aee commit 82e61dc60f310e372b6a0b32f2b63377e7cf7aee Author: Ian Stakenvicius <axs@gentoo.org> AuthorDate: 2018-05-22 21:52:54 +0000 Commit: Ian Stakenvicius <axs@gentoo.org> CommitDate: 2018-05-22 22:15:34 +0000 mail-client/thunderbird{,-bin}: bump to 52.8.0 for security thunderbird-bin bumped directly to stable by maintainer Bug: http://bugs.gentoo.org/656258 Bug: http://bugs.gentoo.org/656092 Package-Manager: Portage-2.3.24, Repoman-2.3.6 mail-client/thunderbird-bin/Manifest | 118 +++---- ...52.7.0.ebuild => thunderbird-bin-52.8.0.ebuild} | 2 +- mail-client/thunderbird/Manifest | 58 ++++ mail-client/thunderbird/thunderbird-52.8.0.ebuild | 342 +++++++++++++++++++++ 4 files changed, 460 insertions(+), 60 deletions(-)
GLSA Vote: No