1
Candidate: CVE-2017-17848
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17848
5
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
6
https://lists.debian.org/debian-security-announce/2017/msg00333.html
7
https://sourceforge.net/p/enigmail/bugs/709/
8
https://www.debian.org/security/2017/dsa-4070
10
An issue was discovered in Enigmail before 1.9.9. In a variant of
11
CVE-2017-17847, signature spoofing is possible for multipart/related
12
messages because a signed message part can be referenced with a cid: URI
13
but not actually displayed. In other words, the entire containing message
14
appears to be signed, but the recipient does not see any of the signed
25
upstream_enigmail: released (2:1.9.9-1)
26
precise/esm_enigmail: DNE
27
trusty_enigmail: released (2:1.9.9-0ubuntu0.14.04.1)
28
xenial_enigmail: released (2:1.9.9-0ubuntu0.16.04.1)
29
zesty_enigmail: ignored (reached end-of-life)
30
artful_enigmail: released (2:1.9.9-0ubuntu0.17.10.1)
31
devel_enigmail: not-affected (2:1.9.9-1)