CVE-2018-12019

Priority
Description
The signature verification routine in Enigmail before 2.0.7 interprets user
ids as status/control messages and does not correctly keep track of the
status of multiple signatures, which allows remote attackers to spoof
arbitrary email signatures via public keys containing crafted primary user
ids.
Package
Upstream:released (2.0.7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
More Information

Updated: 2019-09-19 14:43:21 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)