Bug ID | 1093836 |
---|---|
Summary | Recent security fix for enigmail breaks e-mail decryption or sender validation |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | x86-64 |
OS | Other |
Status | NEW |
Severity | Critical |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | manfred.h@gmx.net |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
I just installed enigmail-2.0.4-12.1.x86_64 on my otherwise up-to-date system running openSUSE Leap 42.3, just to figure out that e-mail decryption or sender validation is no longer possible. When I click on an encrypted message received from someone whose public key is already stored in my keyring, I now only see the following: Enigmail: Error - no matching secret found to decrypt message Downgrading to enigmail-1.9.9-9.1 results in a fully working MozillaThunderbird/enigmail combination. Since openSUSE Leap 15.0 already has enigmail-2.0.2 and gpg2-2.2, I booted into Leap 15.0 to run the same test opening the exact same e-mail, and there it works as expected. From reading the enigmail's changelog, it may be caused by the old gpg2 version (2.0.24-8) available on Leap 42.3. Anyway, using enigmail >= 2.0 with gpg2 < 2.2 on Leap 42.3 is a no-go! The released security update for enigmail is not compatible and should be reverted.