Search for packages
Package details: pkg:deb/debian/enigmail@2:2.2.4-0.2~deb10u1
purl pkg:deb/debian/enigmail@2:2.2.4-0.2~deb10u1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (12)
Vulnerability Summary Aliases
VCID-26ff-fg5d-aaag Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. CVE-2018-15586
VCID-4u1u-zxbs-aaag mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. CVE-2018-12020
VCID-9su2-39qu-aaaq An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. CVE-2017-17843
VCID-dp99-r8vs-aaaj ** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. CVE-2017-17688
VCID-evbp-9ahp-aaah An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format. CVE-2017-17847
VCID-pbcd-x8u1-aaap In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. CVE-2019-14664
VCID-q48g-cfy2-aaac An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. CVE-2017-17846
VCID-qspz-argh-aaac An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue. CVE-2017-17844
VCID-sex3-bzqx-aaap An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. CVE-2017-17845
VCID-wh7f-me2g-aaae Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. CVE-2019-12269
VCID-ynpj-hbv4-aaaa The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. CVE-2018-12019
VCID-zqy6-374k-aaan An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text. CVE-2017-17848

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:56:04.596921+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:27:10.370803+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:18:52.186102+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:53:47.080237+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:33:14.981271+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:30:44.702396+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:15:29.827372+00:00 Debian Oval Importer Fixing VCID-4u1u-zxbs-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:56:30.066827+00:00 Debian Oval Importer Fixing VCID-26ff-fg5d-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:32:37.612442+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:22:52.598068+00:00 Debian Oval Importer Fixing VCID-wh7f-me2g-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:28:07.626233+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:20:43.370218+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:11:02.401402+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T11:08:47.923992+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:50:30.105548+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:40:50.281885+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:37:00.305538+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:14:08.063635+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T01:31:05.704626+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap None 36.1.3
2025-06-21T00:45:49.510401+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac None 36.1.3
2025-06-21T00:33:05.965526+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan None 36.1.3
2025-06-21T00:30:39.142222+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj None 36.1.3
2025-06-21T00:13:57.194555+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah None 36.1.3
2025-06-20T23:49:40.889346+00:00 Debian Oval Importer Fixing VCID-wh7f-me2g-aaae None 36.1.3
2025-06-20T23:05:41.994637+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac None 36.1.3
2025-06-20T23:00:15.784953+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa None 36.1.3
2025-06-20T22:56:19.961305+00:00 Debian Oval Importer Fixing VCID-26ff-fg5d-aaag None 36.1.3
2025-06-20T21:37:46.290668+00:00 Debian Oval Importer Fixing VCID-4u1u-zxbs-aaag None 36.1.3
2025-06-20T21:15:47.595981+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap None 36.1.3
2025-06-20T19:57:27.900354+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq None 36.1.3
2025-06-08T13:12:59.763323+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:35:46.883619+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:32:19.947208+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:16:35.274527+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:50:09.840007+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:27:49.538521+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T10:06:06.265462+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:59:57.856948+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:38:56.107164+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:18:59.735139+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:25:17.887455+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:09:19.335906+00:00 Debian Oval Importer Fixing VCID-4u1u-zxbs-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:50:00.367956+00:00 Debian Oval Importer Fixing VCID-26ff-fg5d-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:25:41.249738+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:15:57.498537+00:00 Debian Oval Importer Fixing VCID-wh7f-me2g-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:22:09.278397+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:44:25.192236+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:38:13.446026+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:37:14.283882+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:26:14.677032+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:20:35.240035+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:18:06.850122+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:02:57.094561+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-07T18:54:02.639990+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap None 36.1.0
2025-06-07T18:08:21.156723+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac None 36.1.0
2025-06-07T17:55:44.373832+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan None 36.1.0
2025-06-07T17:53:18.107418+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj None 36.1.0
2025-06-07T17:36:48.954670+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah None 36.1.0
2025-06-07T17:12:33.276839+00:00 Debian Oval Importer Fixing VCID-wh7f-me2g-aaae None 36.1.0
2025-06-07T16:28:53.470732+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac None 36.1.0
2025-06-07T16:23:27.294896+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa None 36.1.0
2025-06-07T16:19:36.553973+00:00 Debian Oval Importer Fixing VCID-26ff-fg5d-aaag None 36.1.0
2025-06-07T15:00:29.820627+00:00 Debian Oval Importer Fixing VCID-4u1u-zxbs-aaag None 36.1.0
2025-06-07T14:39:54.645020+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap None 36.1.0
2025-06-07T13:47:08.206500+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq None 36.1.0
2025-04-12T22:39:30.309668+00:00 Debian Oval Importer Fixing VCID-4u1u-zxbs-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:30:50.552719+00:00 Debian Oval Importer Fixing VCID-26ff-fg5d-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:12:24.428364+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:09:01.876918+00:00 Debian Oval Importer Fixing VCID-wh7f-me2g-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:44:57.084236+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:43:48.899585+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:40:14.222144+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:00:49.066320+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:22:19.404927+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:18:45.230254+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:02:21.286666+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:35:10.336143+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:09:01.267344+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:38:25.960464+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:32:15.225245+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:11:19.847526+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:51:08.301584+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:56:39.038695+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:41:18.361139+00:00 Debian Oval Importer Fixing VCID-4u1u-zxbs-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:22:26.879372+00:00 Debian Oval Importer Fixing VCID-26ff-fg5d-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:58:19.878515+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:48:32.674065+00:00 Debian Oval Importer Fixing VCID-wh7f-me2g-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:54:24.717690+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:15:30.643534+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:09:09.433808+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T03:08:05.560375+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:56:15.979106+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:50:07.207744+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:47:30.943269+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:31:18.767677+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-07T17:31:53.075356+00:00 Debian Oval Importer Fixing VCID-pbcd-x8u1-aaap None 36.0.0
2025-04-07T16:45:33.578444+00:00 Debian Oval Importer Fixing VCID-qspz-argh-aaac None 36.0.0
2025-04-07T16:32:34.255764+00:00 Debian Oval Importer Fixing VCID-zqy6-374k-aaan None 36.0.0
2025-04-07T16:30:03.094165+00:00 Debian Oval Importer Fixing VCID-dp99-r8vs-aaaj None 36.0.0
2025-04-07T16:11:31.373648+00:00 Debian Oval Importer Fixing VCID-evbp-9ahp-aaah None 36.0.0
2025-04-07T15:46:17.067790+00:00 Debian Oval Importer Fixing VCID-wh7f-me2g-aaae None 36.0.0
2025-04-07T15:00:47.807573+00:00 Debian Oval Importer Fixing VCID-q48g-cfy2-aaac None 36.0.0
2025-04-07T14:55:16.210744+00:00 Debian Oval Importer Fixing VCID-ynpj-hbv4-aaaa None 36.0.0
2025-04-07T14:51:15.820852+00:00 Debian Oval Importer Fixing VCID-26ff-fg5d-aaag None 36.0.0
2025-04-07T13:32:21.986316+00:00 Debian Oval Importer Fixing VCID-4u1u-zxbs-aaag None 36.0.0
2025-04-07T13:11:59.407956+00:00 Debian Oval Importer Fixing VCID-sex3-bzqx-aaap None 36.0.0
2025-04-07T12:22:14.159368+00:00 Debian Oval Importer Fixing VCID-9su2-39qu-aaaq None 36.0.0