Search for packages
Package details: pkg:deb/debian/enigmail@2:2.2.4-0.2~deb10u1
purl pkg:deb/debian/enigmail@2:2.2.4-0.2~deb10u1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (12)
Vulnerability Summary Aliases
VCID-1zm7-heez-fues security update CVE-2017-17848
VCID-29gr-h2my-rqcs The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification CVE-2017-17688
VCID-c4zg-arzg-2uee security update CVE-2017-17847
VCID-enr2-xbuh-yudn Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. CVE-2019-12269
VCID-h27q-8sx3-pkd1 Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. CVE-2018-15586
VCID-hmzv-g2e8-73dt The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. CVE-2018-12019
VCID-kpkz-859c-hqbw security update CVE-2017-17846
VCID-p6xn-vjxt-3qcu mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. CVE-2018-12020
VCID-pk9q-8186-33b4 In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. CVE-2019-14664
VCID-t4h3-9hhv-ukaf security update CVE-2017-17844
VCID-urr8-t2pw-x3dp security update CVE-2017-17845
VCID-uty6-cyt1-47e1 security update CVE-2017-17843

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T20:16:56.170016+00:00 Debian Oval Importer Fixing VCID-p6xn-vjxt-3qcu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T20:04:35.384808+00:00 Debian Oval Importer Fixing VCID-h27q-8sx3-pkd1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T19:39:22.029230+00:00 Debian Oval Importer Fixing VCID-t4h3-9hhv-ukaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T18:14:24.296051+00:00 Debian Oval Importer Fixing VCID-enr2-xbuh-yudn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T17:41:42.092111+00:00 Debian Oval Importer Fixing VCID-c4zg-arzg-2uee https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:21:22.298518+00:00 Debian Oval Importer Fixing VCID-uty6-cyt1-47e1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:16:28.988768+00:00 Debian Oval Importer Fixing VCID-1zm7-heez-fues https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:24:02.845238+00:00 Debian Oval Importer Fixing VCID-urr8-t2pw-x3dp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:32:30.882055+00:00 Debian Oval Importer Fixing VCID-kpkz-859c-hqbw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:27:44.284513+00:00 Debian Oval Importer Fixing VCID-29gr-h2my-rqcs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:05:35.912771+00:00 Debian Oval Importer Fixing VCID-pk9q-8186-33b4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:29:27.082524+00:00 Debian Oval Importer Fixing VCID-hmzv-g2e8-73dt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:11:47.235186+00:00 Debian Oval Importer Fixing VCID-c4zg-arzg-2uee https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T11:10:46.311687+00:00 Debian Oval Importer Fixing VCID-t4h3-9hhv-ukaf https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:59:42.197779+00:00 Debian Oval Importer Fixing VCID-kpkz-859c-hqbw https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:53:55.095319+00:00 Debian Oval Importer Fixing VCID-uty6-cyt1-47e1 https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:51:26.978238+00:00 Debian Oval Importer Fixing VCID-1zm7-heez-fues https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:36:04.598143+00:00 Debian Oval Importer Fixing VCID-urr8-t2pw-x3dp https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0