CVE-2017-17843 (retired)

Priority
Description
An issue was discovered in Enigmail before 1.9.9 that allows remote
attackers to trigger use of an intended public key for encryption, because
incorrect regular expressions are used for extraction of an e-mail address
from a comma-separated list, as demonstrated by a modified Full Name field
and a homograph attack, aka TBE-01-002.
Notes
Package
Upstream:released (2:1.9.9-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2:1.9.9-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2:1.9.9-1)
More Information

Updated: 2019-10-09 07:59:39 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)