[Enigmail] Re: [ANN] Security Alert - Upgrade Recommended

Patrick Brunschwig patrick at mozilla-enigmail.org
Mon Sep 12 09:50:44 EDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here we go again -- this time without the patch. I hope the mailing list
now doesn't modify the message anymore. The patch is available as
clearsigned text from:
http://www.mozilla-enigmail.org/downloads/src/enigmail_v0_92_1.patch.txt

- -Patrick

Patrick Brunschwig wrote:
> The following security issue has been detected by Hadmut Danisch:
> 
> If an OpenPGP key contains an empty User ID, then the Key Selection
> Dialog in Enigmail used for selecting the keys to encrypt messages will
> always pre-select the key with the empty User ID, even if the mail
> should not be encrypted for such a key.
> 
> I have released Enigmail v0.92.1 in response to this bug. Upgrades are
> available for Windows, Linux, and Mac OS X from:
> http://enigmail.mozdev.org/download.html
> 
> We recommend to upgrade to Enigmail v0.92.1 as soon as possible.
> The patch for fixing this bug is attached to this message.
> 
> -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDJSVC2KgHx8zsInsRAkccAJ0cJqlSE1pKb02/GL+hwJujJzVcbQCbB8Dw
wjmdXk/ZE5UiHErjZsu0p7k=
=WEyD
-----END PGP SIGNATURE-----



More information about the Enigmail mailing list