Candidate: CVE-2014-5369
PublicDate: 2014-09-08 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5369
 http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#b315
Description:
 Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/enigmail/+bug/1363824
Priority: low
Discovered-by:
Assigned-to: ChrisCoulson
CVSS:

Patches_enigmail:
upstream_enigmail: released (1.7.2)
lucid_enigmail: ignored (reached end-of-life)
precise_enigmail: released (2:1.7.2-0ubuntu0.12.04.1)
trusty_enigmail: released (2:1.7.2-0ubuntu0.14.04.1)
trusty/esm_enigmail: DNE (trusty was released [2:1.7.2-0ubuntu0.14.04.1])
utopic_enigmail: released (2:1.7.2-0ubuntu0.14.10.1)
devel_enigmail: released (2:1.7.2-0ubuntu1)