http://bugzilla.opensuse.org/show_bug.cgi?id=1141025

Bug ID: 1141025
Summary: VUL-1: enigmail: mitigation against SKS Keyserver Network Attack
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: bnc-team-gnome@forge.provo.novell.com
Reporter: Andreas.Stieger@gmx.de
QA Contact: security-team@suse.de
CC: wolfgang@rosenauer.org
Found By: Security Response Team
Blocker: ---

Due to an implementation of the SKS keyserver network, malicious users could poison specific keys with many key signature packages. The specific keys would then become unusable due to their size and number of signatures.

Enigmail 2.0.12 changes the default keyserver to keys.openpgp.org in order to mitigate the SKS Keyserver Network Attack.

References:
https://enigmail.net/index.php/en/download/changelog#enig2.0.12
https://gitlab.com/enigmail/enigmail/commit/5868fa72d3d04e73258a7f1417bd8552...
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

--
You are receiving this mail because:
You are on the CC list for the bug.