VulnerableCode Package Details - pkg:deb/ubuntu/enigmail@2:2.0.6-0ubuntu1

Search for packages

Vulnerability	Summary	Fixed by
VCID-26ff-fg5d-aaag Aliases: CVE-2018-15586	Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.	2:2.0.8-1~ubuntu0.14.04.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:2.0.8-1~ubuntu0.16.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dp99-r8vs-aaaj Aliases: CVE-2017-17688	DISPUTED The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.	2:2.0.8-1~ubuntu0.16.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wh7f-me2g-aaae Aliases: CVE-2019-12269	Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.	2:2.0.11+ds1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-26ff-fg5d-aaag
Aliases:
CVE-2018-15586

Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.

2:2.0.8-1~ubuntu0.14.04.2
Affected by 2 other vulnerabilities.

2:2.0.8-1~ubuntu0.16.04.2
Affected by 1 other vulnerability.

VCID-dp99-r8vs-aaaj
Aliases:
CVE-2017-17688

** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.

2:2.0.8-1~ubuntu0.16.04.2
Affected by 1 other vulnerability.

VCID-wh7f-me2g-aaae
Aliases:
CVE-2019-12269

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.

2:2.0.11+ds1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Next non-vulnerable version	2:2.0.11+ds1-1
Latest non-vulnerable version	2:2.0.11+ds1-1
Risk	3.4