Hello community, here is the log from the commit of package enigmail for openSUSE:Factory checked in at 2018-06-19 12:00:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/enigmail (Old) and /work/SRC/openSUSE:Factory/.enigmail.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "enigmail" Tue Jun 19 12:00:50 2018 rev:28 rq:616655 version:2.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/enigmail/enigmail.changes 2018-06-02 12:14:28.318876064 +0200 +++ /work/SRC/openSUSE:Factory/.enigmail.new/enigmail.changes 2018-06-19 12:01:02.303879996 +0200 @@ -1,0 +2,15 @@ +Wed Jun 13 19:19:16 UTC 2018 - astieger@suse.com + +- enigmail 2.0.7: + * CVE-2018-12020: Mitigation against GnuPG signature spoofing: + Email signatures could be spoofed via an embedded "--filename" + parameter in OpenPGP literal data packets. This update prevents + this issue from being exploited if GnuPG was not updated + (boo#1096745) + * CVE-2018-12019: The signature verification routine interpreted + User IDs as status/control messages and did not correctly keep + track of the status of multiple signatures. This allowed remote + attackers to spoof arbitrary email signatures via public keys + containing crafted primary user ids (boo#1097525) + +------------------------------------------------------------------- Old: ---- enigmail-2.0.6.1.tar.gz enigmail-2.0.6.1.tar.gz.asc New: ---- enigmail-2.0.7.tar.gz enigmail-2.0.7.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ enigmail.spec ++++++ --- /var/tmp/diff_new_pack.yrawwb/_old 2018-06-19 12:01:04.367803364 +0200 +++ /var/tmp/diff_new_pack.yrawwb/_new 2018-06-19 12:01:04.383802770 +0200 @@ -18,7 +18,7 @@ Name: enigmail -Version: 2.0.6.1 +Version: 2.0.7 Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-2.0 ++++++ enigmail-2.0.6.1.tar.gz -> enigmail-2.0.7.tar.gz ++++++ ++++ 2042 lines of diff (skipped)