CVE-2017-17848 (retired)

An issue was discovered in Enigmail before 1.9.9. In a variant of
CVE-2017-17847, signature spoofing is possible for multipart/related
messages because a signed message part can be referenced with a cid: URI
but not actually displayed. In other words, the entire containing message
appears to be signed, but the recipient does not see any of the signed
Upstream:released (2:1.9.9-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (2:1.9.9-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:1.9.9-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2:1.9.9-1)
More Information

Updated: 2019-03-26 12:25:25 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)