-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4070-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 21, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : enigmail
CVE ID         : not yet available

Multiple vulnerabilities were discovered in Enigmail, an OpenPGP
extension for Thunderbird, which could result in a loss of
confidentiality, faked signatures, plain text leaks and denial of
service. Additional information can be found under
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf

For the oldstable distribution (jessie), this problem has been fixed
in version 2:1.9.9-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 2:1.9.9-1~deb9u1.

We recommend that you upgrade your enigmail packages.

For the detailed security status of enigmail please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/enigmail

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlo8DDoACgkQEMKTtsN8
TjaU/w//QGpZp546SbzcrhM9uW2qRkXCXpiOCu279FZeFZLU7EMn5KLERc9kizKS
CUYR/vNBrn1a+A5Bv1PzroyZ3cr+3bECQjTXLj9scEPLI0s39LcxQ5Nc686jsBla
mNBCabhZABwrwLncwXpPptrAjow9Xi6NfMZSL9SvYRnBpfOK1k31QsVgc/keJp8O
KXtpkbg2WDFdAUsp1NQhI6sBNG1taydXRS2b8l+hvtfK6RWmVbRDFz3J3d1GNScr
wY7TlEoOjhX6DD2hYanYGHSZ7rDSiDThpeGdjry/XuG+hS4WssclONrMdYE7z3U1
MwlT6WhS6ScwUrEjzSpslQdDOHYE4blW7+F8/s9RjvH6C7LTUWt5TITW7KOaiOKD
sSJ4/chAtzPA5978AZjJ+T1ZynYlNPX9SLJOOHsOQmotk/GE8dtzLevVASxmTYk+
3Lnf0u4Gy8Mu1va4i6N6q0N7wTBjLZ4/gCwHAqhO69+M/dUtl0+mgh3MCrmf/+1U
fkjtPhaYg0RwdfYT39UknpFL2BPYiLFolIpKe1RaZ4WcSI7rgDi+rZNHHGoJ7XDg
7A/kmoqWkkEE3QgIrDZABluzbGqbLxS+KkShfEfuLxVxyWA4JKqGYN+exCqRAz3O
Kq6xoIc8vvurCRA+cgIXcEV2OsKALdEz8TQxRbAuWfOZKaIPhDs=
=ctoe
-----END PGP SIGNATURE-----