Install Enigmail from Buster
Bug #16738, we pinned Enigmail to Bullseye, to have a version that is not vulnerable to https://security-tracker.debian.org/tracker/CVE-2019-12269.
We should revert commit e812b16f9433db21401ae59f7fa352bd16145144 once this issue is fixed in Enigmail in Buster.
#4 Updated by intrigeri 2019-08-31 09:12:59
It’s now in s-p-u: https://release.debian.org/proposed-updates/stable.html#enigmail_2.0.12+ds1-1~deb10u1. So it’ll be part of the upcoming Buster 10.1, scheduled for September 7. Which means we can switch to that version in 4.0 :)
#8 Updated by intrigeri 2019-09-01 18:43:48
- Priority changed from Normal to Elevated
Release blocker: otherwise, there’s a change we downgrade Enigmail between 4.0 and 4.1, which would be a problem (for example, there’s often code paths that migrate prefs to a newer versions, but migrating to an older version is unsupported).