Bug #16978

Install Enigmail from Buster

Added by segfault 2019-08-14 15:31:08 . Updated 2019-09-09 20:01:30 .

Status:
Resolved
Priority:
Elevated
Assignee:
intrigeri
Category:
Target version:
Tails_4.0
Start date:
Due date:
% Done:

100%

Feature Branch:
bugfix/16978-install-enigmail-from-buster
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

With Bug #16738, we pinned Enigmail to Bullseye, to have a version that is not vulnerable to https://security-tracker.debian.org/tracker/CVE-2019-12269.

We should revert commit e812b16f9433db21401ae59f7fa352bd16145144 once this issue is fixed in Enigmail in Buster.

Subtasks

Related issues

Related to Tails - Bug #16738: Enigmail vulnerable to signature spoofing (again): CVE-2019-12269 Resolved
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by segfault 2019-08-14 15:31:28

#2 Updated by segfault 2019-08-14 15:32:34

  • related to Bug #16738: Enigmail vulnerable to signature spoofing (again): CVE-2019-12269 added

#3 Updated by intrigeri 2019-08-16 15:17:43

  • Type of work changed from Code to Wait

#4 Updated by intrigeri 2019-08-31 09:12:59

It’s now in s-p-u: https://release.debian.org/proposed-updates/stable.html#enigmail_2.0.12+ds1-1~deb10u1. So it’ll be part of the upcoming Buster 10.1, scheduled for September 7. Which means we can switch to that version in 4.0 :)

#5 Updated by intrigeri 2019-08-31 09:14:14

  • Description updated

#6 Updated by intrigeri 2019-09-01 16:49:50

#7 Updated by intrigeri 2019-09-01 16:49:58

#8 Updated by intrigeri 2019-09-01 18:43:48

  • Priority changed from Normal to Elevated

Release blocker: otherwise, there’s a change we downgrade Enigmail between 4.0 and 4.1, which would be a problem (for example, there’s often code paths that migrate prefs to a newer versions, but migrating to an older version is unsupported).

#9 Updated by intrigeri 2019-09-08 10:45:25

  • Type of work changed from Wait to Code

Buster now has 2:2.0.12+ds1-1~deb10u1.

#10 Updated by segfault 2019-09-08 21:40:21

  • Assignee set to segfault

#11 Updated by segfault 2019-09-08 21:40:51

  • Status changed from Confirmed to In Progress

Applied in changeset commit:tails|b502c5e88f998687464b08dc30577c83860f05b4.

#12 Updated by segfault 2019-09-08 22:34:22

  • Status changed from In Progress to Needs Validation
  • Assignee deleted (segfault)

#13 Updated by intrigeri 2019-09-09 09:12:55

  • Assignee set to intrigeri

Thanks!

#14 Updated by intrigeri 2019-09-09 19:15:21

  • Feature Branch set to bugfix/16978-install-enigmail-from-buster

#15 Updated by intrigeri 2019-09-09 19:16:53

Code review passes and Jenkins is happy.

I’ll build & test Enigmail manually as I’m not sure whether segfault did it (and we have no automated tests for it).

#16 Updated by intrigeri 2019-09-09 20:01:30

  • Status changed from Needs Validation to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:tails|1be30b68bf4aff79d8faca54ccac2b5b832bc297.