Security fix for CVE-2019-14664, CVE-2019-12269 and compatibility with Thunderbird 68

How to install

sudo dnf upgrade --advisory=FEDORA-2019-45a744b873

This update has been submitted for testing by fschwarz.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

fschwarz edited this update.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon khambrecht provided feedback 2 years ago
karma
BZ#1660478 thunderbird-enigmail: HTTP authentication dialog may be triggered [fedora-all]
BZ#1712723 CVE-2019-12269 thunderbird-enigmail: signature spoofing in inline PGP message [fedora-all]
BZ#1749211 CVE-2019-14664 thunderbird-enigmail: information leak in response to encrypted mail [fedora-all]
BZ#1752435 enigmail version 2.1 needs to be packaged to work with thunderbird 68
User Icon dimitrisk commented & provided feedback 2 years ago
karma

Works for me, no regressions, Enigmail works again with TB 68.

BZ#1752435 enigmail version 2.1 needs to be packaged to work with thunderbird 68

This update can be pushed to stable now if the maintainer wishes

2 years ago

fschwarz edited this update.

New build(s):

  • thunderbird-enigmail-2.1.3-4.fc30

Removed build(s):

  • thunderbird-enigmail-2.1.3-3.fc30

Karma has been reset.

2 years ago

This update has been submitted for testing by fschwarz.

2 years ago
User Icon fschwarz commented & provided feedback 2 years ago

Thank you very much for your feedback - unfortunately there was a slight packaging error (package being available on some architectures where thunderbird is not available) which I wanted to fix as well so karma was reset. I'll try to push this to stable as soon as possible but giving new karma will help.

This update has been pushed to testing.

2 years ago
User Icon dimitrisk commented & provided feedback 2 years ago
karma

Updated, no issues.

BZ#1752435 enigmail version 2.1 needs to be packaged to work with thunderbird 68
User Icon khambrecht provided feedback 2 years ago
BZ#1752435 enigmail version 2.1 needs to be packaged to work with thunderbird 68
User Icon khambrecht provided feedback 2 years ago
karma

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by fschwarz.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1660478 thunderbird-enigmail: HTTP authentication dialog may be triggered [fedora-all]
0
0
BZ#1712723 CVE-2019-12269 thunderbird-enigmail: signature spoofing in inline PGP message [fedora-all]
0
0
BZ#1749211 CVE-2019-14664 thunderbird-enigmail: information leak in response to encrypted mail [fedora-all]
0
0
BZ#1752435 enigmail version 2.1 needs to be packaged to work with thunderbird 68
0
1

Automated Test Results