openSUSE Recommended Update: Recommended update for enigmail ______________________________________________________________________________ Announcement ID: openSUSE-RU-2018:4137-1 Rating: moderate References: #1118935 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for enigmail to version 2.0.9 fixes the following issues: Security issues fixed: * An HTTP authentication dialog maybe displayed during web key discovery, allowing remote attackers to possibly trick the user into entering e-mail credentials (boo#1118935) Non security issues fixed: * pEp - PGP/MIME signed-only messages are ignored * Autocrypt overrules manually created Per-Recipient Rules * "Re:" prefix on subject line disappears when editing encrypted, saved draft Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1550=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-1550=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): enigmail-2.0.9-27.1 - openSUSE Leap 15.0 (x86_64): enigmail-2.0.9-lp150.2.18.1 References: https://bugzilla.suse.com/1118935