Security update for enigmail
This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures:
- CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525)
- CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745)
This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1097525
VUL-0: CVE-2018-12019: enigmail: signature spoofing vulnerability
bnc#1096745
VUL-0: CVE-2018-12020: gpg2,enigmail: Sanitize the diagnostic output of the original file name in verbose mode
