Bug ID 1093836
Summary Recent security fix for enigmail breaks e-mail decryption or sender validation
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware x86-64
OS Other
Status NEW
Severity Critical
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter manfred.h@gmx.net
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

I just installed enigmail-2.0.4-12.1.x86_64 on my otherwise up-to-date system
running openSUSE Leap 42.3, just to figure out that e-mail decryption or sender
validation is no longer possible. When I click on an encrypted message received
from someone whose public key is already stored in my keyring, I now only see
the following:

  Enigmail: Error - no matching secret found to decrypt message

Downgrading to enigmail-1.9.9-9.1 results in a fully working
MozillaThunderbird/enigmail combination.

Since openSUSE Leap 15.0 already has enigmail-2.0.2 and gpg2-2.2, I booted into
Leap 15.0 to run the same test opening the exact same e-mail, and there it
works as expected. From reading the enigmail's changelog, it may be caused by
the old gpg2 version (2.0.24-8) available on Leap 42.3.

Anyway, using enigmail >= 2.0 with gpg2 < 2.2 on Leap 42.3 is a no-go! The
released security update for enigmail is not compatible and should be reverted.

You are receiving this mail because: