Overview

File _patchinfo of Package patchinfo.8314

<patchinfo incident="8314">
  <packager>AndreasStieger</packager>
  <issue tracker="cve" id="2018-12019"></issue>
  <issue tracker="bnc" id="1097525">VUL-0: CVE-2018-12019: enigmail: signature spoofing vulnerability</issue>
  <issue tracker="cve" id="2018-12020"></issue>
  <issue tracker="bnc" id="1096745">VUL-0: CVE-2018-12020: gpg2,enigmail: Sanitize the diagnostic output of the original file name in verbose mode</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for enigmail</summary>
  <description>This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures:

- CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525)
- CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745)
This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places