Bug #16978

Install Enigmail from Buster

Added by segfault about 1 month ago. Updated 13 days ago.

Status: Resolved
Priority: Elevated
Assignee:
Category: -
Target version:
Start date:
Due date:
% Done: 100%
Feature Branch: bugfix/16978-install-enigmail-from-buster
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

With #16738, we pinned Enigmail to Bullseye, to have a version that is not vulnerable to https://security-tracker.debian.org/tracker/CVE-2019-12269.

We should revert commit e812b16f9433db21401ae59f7fa352bd16145144 once this issue is fixed in Enigmail in Buster.


Related issues

Related to Tails - Bug #16738: Enigmail vulnerable to signature spoofing (again): CVE-2019-12269 Resolved
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

Associated revisions

Revision b502c5e8 (diff)
Added by segfault 14 days ago

Revert "Install enigmail from Bullseye" (refs: #16978)

This reverts commit e812b16f9433db21401ae59f7fa352bd16145144.

In #16738, we pinned enigmail to Bullseye, to have a version not vulnerable to
CVE-2019-12269. Buster now has 2:2.0.12+ds1-1~deb10u1, which is also not
vulnerable, so we revert the pinning to Bullseye.

Revision ccd212eb (diff)
Added by segfault 14 days ago

Revert "Install enigmail from Bullseye" (refs: #16978)

This reverts commit e812b16f9433db21401ae59f7fa352bd16145144.

In #16738, we pinned enigmail to Bullseye, to have a version not vulnerable to
CVE-2019-12269. Buster now has 2:2.0.12+ds1-1~deb10u1, which is also not
vulnerable, so we revert the pinning to Bullseye.

Revision 1be30b68
Added by intrigeri 13 days ago

Merge branch 'bugfix/16978-install-enigmail-from-buster' into devel (Closes: #16978)

History

#1 Updated by segfault about 1 month ago

#2 Updated by segfault about 1 month ago

  • Related to Bug #16738: Enigmail vulnerable to signature spoofing (again): CVE-2019-12269 added

#3 Updated by intrigeri about 1 month ago

  • Type of work changed from Code to Wait

#4 Updated by intrigeri 22 days ago

It's now in s-p-u: https://release.debian.org/proposed-updates/stable.html#enigmail_2.0.12+ds1-1~deb10u1. So it'll be part of the upcoming Buster 10.1, scheduled for September 7. Which means we can switch to that version in 4.0 :)

#5 Updated by intrigeri 22 days ago

  • Description updated (diff)

#6 Updated by intrigeri 21 days ago

#7 Updated by intrigeri 21 days ago

#8 Updated by intrigeri 21 days ago

  • Priority changed from Normal to Elevated

Release blocker: otherwise, there's a chance we downgrade Enigmail between 4.0 and 4.1, which would be a problem (for example, there are often code paths that migrate prefs to a newer version, but migrating to an older version is unsupported).

#9 Updated by intrigeri 14 days ago

  • Type of work changed from Wait to Code

Buster now has 2:2.0.12+ds1-1~deb10u1.

#10 Updated by segfault 14 days ago

  • Assignee set to segfault

#11 Updated by segfault 14 days ago

  • Status changed from Confirmed to In Progress

#12 Updated by segfault 14 days ago

  • Status changed from In Progress to Needs Validation
  • Assignee deleted (segfault)

#13 Updated by intrigeri 13 days ago

  • Assignee set to intrigeri

Thanks!

#14 Updated by intrigeri 13 days ago

  • Feature Branch set to bugfix/16978-install-enigmail-from-buster

#15 Updated by intrigeri 13 days ago

Code review passes and Jenkins is happy.

I'll build & test Enigmail manually as I'm not sure whether segfault did it (and we have no automated tests for it).

#16 Updated by intrigeri 13 days ago

  • Status changed from Needs Validation to Resolved
  • % Done changed from 0 to 100
