rpm package
suse/enigmail&distro=SUSE Package Hub 12
pkg:rpm/suse/enigmail&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-12269 | — | < 2.0.11-31.1 | 2.0.11-31.1 | May 21, 2019 | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | ||
| CVE-2017-17689 | — | < 2.0.4-9.1 | 2.0.4-9.1 | May 16, 2018 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | ||
| CVE-2017-17688 | — | < 2.0.4-9.1 | 2.0.4-9.1 | May 16, 2018 | The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o |
- CVE-2019-12269May 21, 2019affected < 2.0.11-31.1fixed 2.0.11-31.1
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
- CVE-2017-17689May 16, 2018affected < 2.0.4-9.1fixed 2.0.4-9.1
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
- CVE-2017-17688May 16, 2018affected < 2.0.4-9.1fixed 2.0.4-9.1
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o