Lucene search

GoogleOSV:DSA-889-1

HistoryNov 08, 2005 - 12:00 a.m.

enigmail - programming error

2005-11-0800:00:00

Google

osv.dev

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Hadmut Danish discovered a bug in enigmail, GPG support for Mozilla
MailNews and Mozilla Thunderbird, that can lead to the encryption of
mail with the wrong public key, hence, potential disclosure of
confidential data to others.

The old stable distribution (woody) does not contain enigmail packages.

For the stable distribution (sarge) this problem has been fixed in
version 0.91-4sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 0.93-1.

We recommend that you upgrade your enigmail packages.

CPENameOperatorVersion
enigmaileq2:0.91-4
enigmaileq2:0.91-4sarge1

CPE	Name	Operator	Version
	enigmail	eq	2:0.91-4
	enigmail	eq	2:0.91-4sarge1

References

www.debian.org/security/2005/dsa-889

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for OSV:DSA-889-1