CVE-2017-17847 (retired)

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is
possible because the UI does not properly distinguish between an attachment
signature, and a signature that applies to the entire containing message,
aka TBE-01-021. This is demonstrated by an e-mail message with an
attachment that is a signed e-mail message in message/rfc822 format.
Upstream:released (2:1.9.9-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2:1.9.9-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2:1.9.9-1)
More Information

Updated: 2019-08-23 09:14:07 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)