Update Info


Security update for enigmail

Type: security
Severity: moderate
Issued: 2019-03-23
This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures:

- CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525)
- CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745)
This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.



  • enigmail-2.0.7-18.1