Debian Bug report logs -
#898631
thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances
Reported by: Yves-Alexis Perez <corsac@debian.org>
Date: Mon, 14 May 2018 13:18:05 UTC
Severity: serious
Tags: security
Found in versions thunderbird/1:52.7.0-1~deb9u1, thunderbird/1:52.6.0-1~deb9u1
Fixed in version thunderbird/1:52.8.0-1
Done: Carsten Schoenert <c.schoenert@t-online.de>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Carsten Schoenert <c.schoenert@t-online.de>:
Bug#898631; Package src:thunderbird.
(Mon, 14 May 2018 13:18:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Yves-Alexis Perez <corsac@debian.org>:
New Bug report received and forwarded. Copy sent to Carsten Schoenert <c.schoenert@t-online.de>.
(Mon, 14 May 2018 13:18:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: thunderbird
Severity: grave
Tags: security
Justification: user security hole
Hi,
as you might already be aware, an attack has been published against
PGP/MIME and S/MIME handling in various mail clients, including
Thunderbird.
I've already reported a bug against enigmail, since PGP handling seems
mostly restricted to enigmail, but the S/MIME part is handled directly
in Thunderbird as far as I can tell.
We'll likely have to issue a DSA too.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply sent
to Carsten Schoenert <c.schoenert@t-online.de>:
You have taken responsibility.
(Sat, 19 May 2018 15:33:28 GMT) (full text, mbox, link).
Notification sent
to Yves-Alexis Perez <corsac@debian.org>:
Bug acknowledged by developer.
(Sat, 19 May 2018 15:33:28 GMT) (full text, mbox, link).
Message #10 received at 898631-close@bugs.debian.org (full text, mbox, reply):
Source: thunderbird
Source-Version: 1:52.8.0-1
We believe that the bug you reported is fixed in the latest version of
thunderbird, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 898631@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carsten Schoenert <c.schoenert@t-online.de> (supplier of updated thunderbird package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 17 May 2018 21:04:15 +0200
Source: thunderbird
Binary: thunderbird thunderbird-dev lightning calendar-google-provider thunderbird-l10n-all thunderbird-l10n-ar thunderbird-l10n-ast thunderbird-l10n-be thunderbird-l10n-bg thunderbird-l10n-bn-bd thunderbird-l10n-br thunderbird-l10n-ca thunderbird-l10n-cs thunderbird-l10n-da thunderbird-l10n-de thunderbird-l10n-dsb thunderbird-l10n-el thunderbird-l10n-en-gb thunderbird-l10n-es-ar thunderbird-l10n-es-es thunderbird-l10n-et thunderbird-l10n-eu thunderbird-l10n-fi thunderbird-l10n-fr thunderbird-l10n-fy-nl thunderbird-l10n-ga-ie thunderbird-l10n-gd thunderbird-l10n-gl thunderbird-l10n-he thunderbird-l10n-hr thunderbird-l10n-hsb thunderbird-l10n-hu thunderbird-l10n-hy-am thunderbird-l10n-id thunderbird-l10n-is thunderbird-l10n-it thunderbird-l10n-ja thunderbird-l10n-kab thunderbird-l10n-ko thunderbird-l10n-lt thunderbird-l10n-nb-no thunderbird-l10n-nl thunderbird-l10n-nn-no thunderbird-l10n-pa-in thunderbird-l10n-pl thunderbird-l10n-pt-br thunderbird-l10n-pt-pt
thunderbird-l10n-rm thunderbird-l10n-ro thunderbird-l10n-ru thunderbird-l10n-si thunderbird-l10n-sk thunderbird-l10n-sl thunderbird-l10n-sq thunderbird-l10n-sr thunderbird-l10n-sv-se thunderbird-l10n-ta-lk thunderbird-l10n-tr thunderbird-l10n-uk thunderbird-l10n-vi thunderbird-l10n-zh-cn thunderbird-l10n-zh-tw lightning-l10n-ar lightning-l10n-ast lightning-l10n-be lightning-l10n-bg lightning-l10n-bn-bd lightning-l10n-br lightning-l10n-ca lightning-l10n-cs lightning-l10n-cy lightning-l10n-da lightning-l10n-de lightning-l10n-dsb lightning-l10n-el lightning-l10n-es-ar lightning-l10n-es-es lightning-l10n-en-gb lightning-l10n-et lightning-l10n-eu lightning-l10n-fi lightning-l10n-fr lightning-l10n-fy-nl lightning-l10n-ga-ie lightning-l10n-gd lightning-l10n-gl lightning-l10n-he lightning-l10n-hr lightning-l10n-hsb lightning-l10n-hu lightning-l10n-hy-am lightning-l10n-id lightning-l10n-is lightning-l10n-it lightning-l10n-ja lightning-l10n-kab lightning-l10n-ko
lightning-l10n-lt lightning-l10n-nb-no lightning-l10n-nl lightning-l10n-nn-no lightning-l10n-pa-in lightning-l10n-pl lightning-l10n-pt-br lightning-l10n-pt-pt lightning-l10n-rm lightning-l10n-ro lightning-l10n-ru lightning-l10n-si lightning-l10n-sk lightning-l10n-sl lightning-l10n-sr lightning-l10n-sq lightning-l10n-sv-se lightning-l10n-ta-lk lightning-l10n-tr lightning-l10n-uk lightning-l10n-vi lightning-l10n-zh-cn
lightning-l10n-zh-tw
Architecture: source
Version: 1:52.8.0-1
Distribution: unstable
Urgency: high
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Description:
calendar-google-provider - Google Calendar support for lightning
lightning - Calendar Extension for Thunderbird
lightning-l10n-ar - Arabic language package for lightning
lightning-l10n-ast - Asturian language package for lightning
lightning-l10n-be - Belarusian language package for lightning
lightning-l10n-bg - Bulgarian language package for lightning
lightning-l10n-bn-bd - Bengali (Bangladesh) language package for lightning
lightning-l10n-br - Breton language package for lightning
lightning-l10n-ca - Catalan/Valencian language package for lightning
lightning-l10n-cs - Czech language package for lightning
lightning-l10n-cy - Welsh language package for lightning
lightning-l10n-da - Danish language package for lightning
lightning-l10n-de - German language package for lightning
lightning-l10n-dsb - Lower Sorbian language package for lightning
lightning-l10n-el - Greek language package for lightning
lightning-l10n-en-gb - British English language package for lightning
lightning-l10n-es-ar - Spanish (Argentina) language package for lightning
lightning-l10n-es-es - Spanish (Spain) language package for lightning
lightning-l10n-et - Estonian language package for lightning
lightning-l10n-eu - Basque language package for lightning
lightning-l10n-fi - Finnish language package for lightning
lightning-l10n-fr - French language package for lightning
lightning-l10n-fy-nl - Western Frisian language package for lightning
lightning-l10n-ga-ie - Irish (Ireland) language package for lightning
lightning-l10n-gd - Scottish Gaelic language package for lightning
lightning-l10n-gl - Galician language package for lightning
lightning-l10n-he - Hebrew language package for lightning
lightning-l10n-hr - Croatian language package for lightning
lightning-l10n-hsb - Upper Sorbian language package for lightning
lightning-l10n-hu - Hungarian language package for lightning
lightning-l10n-hy-am - Armenian language package for lightning
lightning-l10n-id - Indonesian language package for lightning
lightning-l10n-is - Icelandic language package for lightning
lightning-l10n-it - Italian language package for lightning
lightning-l10n-ja - Japanese language package for lightning
lightning-l10n-kab - Kabyle language package for lightning
lightning-l10n-ko - Korean language package for lightning
lightning-l10n-lt - Lithuanian language package for lightning
lightning-l10n-nb-no - Bokmaal (Norway) language package for lightning
lightning-l10n-nl - Dutch language package for lightning
lightning-l10n-nn-no - Nynorsk (Norway) language package for lightning
lightning-l10n-pa-in - Punjabi language package for lightning
lightning-l10n-pl - Polish language package for lightning
lightning-l10n-pt-br - Portuguese (Brazil) language package for lightning
lightning-l10n-pt-pt - Portuguese (Portugal) language package for lightning
lightning-l10n-rm - Romansh language package for lightning
lightning-l10n-ro - Romanian language package for lightning
lightning-l10n-ru - Russian language package for lightning
lightning-l10n-si - Sinhala language package for lightning
lightning-l10n-sk - Slovak language package for lightning
lightning-l10n-sl - Slovenian language package for lightning
lightning-l10n-sq - Albanian language package for lightning
lightning-l10n-sr - Serbian language package for lightning
lightning-l10n-sv-se - Swedish language package for lightning
lightning-l10n-ta-lk - Tamil language package for lightning
lightning-l10n-tr - Turkish language package for lightning
lightning-l10n-uk - Ukrainian language package for lightning
lightning-l10n-vi - Vietnamese language package for lightning
lightning-l10n-zh-cn - Chinese (China) language package for lightning
lightning-l10n-zh-tw - Chinese (Taiwan) language package for lightning
thunderbird - mail/news client with RSS, chat and integrated spam filter suppor
thunderbird-dev - Development files for Thunderbird
thunderbird-l10n-all - All language packages for Thunderbird (meta)
thunderbird-l10n-ar - Arabic language package for Thunderbird
thunderbird-l10n-ast - Asturian language package for Thunderbird
thunderbird-l10n-be - Belarusian language package for Thunderbird
thunderbird-l10n-bg - Bulgarian language package for Thunderbird
thunderbird-l10n-bn-bd - Bengali language package for Thunderbird
thunderbird-l10n-br - Breton language package for Thunderbird
thunderbird-l10n-ca - Catalan/Valencian language package for Thunderbird
thunderbird-l10n-cs - Czech language package for Thunderbird
thunderbird-l10n-da - Danish language package for Thunderbird
thunderbird-l10n-de - German language package for Thunderbird
thunderbird-l10n-dsb - Lower Sorbian language package for Thunderbird
thunderbird-l10n-el - Greek language package for Thunderbird
thunderbird-l10n-en-gb - English (Great Britain) language package for Thunderbird
thunderbird-l10n-es-ar - Spanish (Argentina) language package for Thunderbird
thunderbird-l10n-es-es - Spanish (Spain) language package for Thunderbird
thunderbird-l10n-et - Estonian language package for Thunderbird
thunderbird-l10n-eu - Basque language package for Thunderbird
thunderbird-l10n-fi - Finnish language package for Thunderbird
thunderbird-l10n-fr - French language package for Thunderbird
thunderbird-l10n-fy-nl - Frisian language package for Thunderbird
thunderbird-l10n-ga-ie - Irish (Ireland) language package for Thunderbird
thunderbird-l10n-gd - Gaelic (Scottish) language package for Thunderbird
thunderbird-l10n-gl - Galician language package for Thunderbird
thunderbird-l10n-he - Hebrew language package for Thunderbird
thunderbird-l10n-hr - Croatian language package for Thunderbird
thunderbird-l10n-hsb - Upper Sorbian language package for Thunderbird
thunderbird-l10n-hu - Hungarian language package for Thunderbird
thunderbird-l10n-hy-am - Armenian language package for Thunderbird
thunderbird-l10n-id - Indonesian language package for Thunderbird
thunderbird-l10n-is - Icelandic language package for Thunderbird
thunderbird-l10n-it - Italian language package for Thunderbird
thunderbird-l10n-ja - Japanese language package for Thunderbird
thunderbird-l10n-kab - Kabyle language package for Thunderbird
thunderbird-l10n-ko - Korean language package for Thunderbird
thunderbird-l10n-lt - Lithuanian language package for Thunderbird
thunderbird-l10n-nb-no - Bokmaal (Norway) language package for Thunderbird
thunderbird-l10n-nl - Dutch language package for Thunderbird
thunderbird-l10n-nn-no - Nynorsk (Norway) language package for Thunderbird
thunderbird-l10n-pa-in - Punjabi (India) language package for Thunderbird
thunderbird-l10n-pl - Polish language package for Thunderbird
thunderbird-l10n-pt-br - Portuguese (Brazil) language package for Thunderbird
thunderbird-l10n-pt-pt - Portuguese (Portugal) language package for Thunderbird
thunderbird-l10n-rm - Romansh language package for Thunderbird
thunderbird-l10n-ro - Romania language package for Thunderbird
thunderbird-l10n-ru - Russian language package for Thunderbird
thunderbird-l10n-si - Sinhala language package for Thunderbird
thunderbird-l10n-sk - Slovak language package for Thunderbird
thunderbird-l10n-sl - Slovenian language package for Thunderbird
thunderbird-l10n-sq - Albanian language package for Thunderbird
thunderbird-l10n-sr - Serbian language package for Thunderbird
thunderbird-l10n-sv-se - Swedish (Sweden) language package for Thunderbird
thunderbird-l10n-ta-lk - Tamil language package for Thunderbird
thunderbird-l10n-tr - Turkish language package for Thunderbird
thunderbird-l10n-uk - Ukrainian language package for Thunderbird
thunderbird-l10n-vi - Vietnamese language package for Thunderbird
thunderbird-l10n-zh-cn - Chinese (China) language package for Thunderbird
thunderbird-l10n-zh-tw - Chinese (Taiwan) language package for Thunderbird
Closes: 882048 882122 894907 898631
Changes:
thunderbird (1:52.8.0-1) unstable; urgency=high
.
[ intrigeri ]
* [4656ebf] AppArmor: update profile from upstream
(Closes: #882048, #882122)
.
[ Agustin Henze ]
* [840cbc8] apparmor: allow access to @{HOME}/.gnupg/tofu.db
(Closes: #894907)
.
[ Carsten Schoenert ]
* [514e9e8] New upstream version 52.8.0
Fixed CVE issues in upstream version 52.8 (MFSA 2018-13)
CVE-2018-5183: Backport critical security fixes in Skia
CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext
attack (aka Efail)
CVE-2018-5154: Use-after-free with SVG animations and clip paths
CVE-2018-5155: Use-after-free with SVG animations and text paths
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
CVE-2018-5161: Hang via malformed headers
CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
(aka Efail)
CVE-2018-5170: Filename spoofing for external attachments
CVE-2018-5168: Lightweight themes can be installed without user
interaction
CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension
CVE-2018-5185: Leaking plaintext through HTML forms (aka Efail)
CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8,
and Thunderbird 52.8
(Closes: #898631)
* [7845229] ICU: don't build the Paragraph Layout library
Disable the build of the layout library in the internal ICU build as we
don't need this and can cause build issues.
* [e0a79fc] debian/control: increase Standards-Version to 4.1.4
No further changes needed.
Checksums-Sha1:
4b537286a7006443afcb78ff0718b8e763876cf0 12492 thunderbird_52.8.0-1.dsc
53ef0289d9b12e0af5d49221a467e06c7acfb2f5 879840 thunderbird_52.8.0.orig-lightning-l10n.tar.xz
9fbc27a3f128f257904ad42dd9a57f2a3decd570 9091936 thunderbird_52.8.0.orig-thunderbird-l10n.tar.xz
2a6b3f8b663c0f021a4229531872824d66b0b2b6 237431652 thunderbird_52.8.0.orig.tar.xz
2ac42b3f053073baa09ee0ab9f4c6293390ca735 398300 thunderbird_52.8.0-1.debian.tar.xz
1573433fff356e7d7b7f38a3af392325b868cf35 51677 thunderbird_52.8.0-1_amd64.buildinfo
Checksums-Sha256:
407506accf2179176df2074e8f68e8c560efce9148890f8b1d808b741926fd0d 12492 thunderbird_52.8.0-1.dsc
35a9b3e470976e6b1adbca600483d300d338ecf3d1b059587f4b10f2b672ddc8 879840 thunderbird_52.8.0.orig-lightning-l10n.tar.xz
c698040ed57cd4f454aedc8ecd0c4b30c432ca15c9af5da24fc143fb62c1b82e 9091936 thunderbird_52.8.0.orig-thunderbird-l10n.tar.xz
c7e0d7432b4a1b76678b4839ec371bd8a84c2ffd5bd4f52aa1600cc46076a5f5 237431652 thunderbird_52.8.0.orig.tar.xz
ce9ecc9cbab4e103afc9c9fecbe245ef908f9aa6111d086020c6f9957c122110 398300 thunderbird_52.8.0-1.debian.tar.xz
ac3d339b467c5c8a661b03bc94af6761364f07e3df92404e564e84e3084ad438 51677 thunderbird_52.8.0-1_amd64.buildinfo
Files:
e55d4d336464f9a922cacf2c826b6287 12492 mail optional thunderbird_52.8.0-1.dsc
abdb901ec9df25a24dee3720f8d6f4bc 879840 mail optional thunderbird_52.8.0.orig-lightning-l10n.tar.xz
2254a4a18b9100feddf0740458ba37ba 9091936 mail optional thunderbird_52.8.0.orig-thunderbird-l10n.tar.xz
bf7365f824f06f5a82684461f56e765a 237431652 mail optional thunderbird_52.8.0.orig.tar.xz
167f5b3b79f2707d7ecce54f0d8c4928 398300 mail optional thunderbird_52.8.0-1.debian.tar.xz
ef22534470947a377a5251dae94d0d09 51677 mail optional thunderbird_52.8.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJMBAEBCgA2FiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAlr/y+AYHGMuc2Nob2Vu
ZXJ0QHQtb25saW5lLmRlAAoJEIMBYBQlHR2wiPsP/2HIxm8wG3WylANJn33G6vwF
YVVp4PMbR/9zvidGzlDXq5gt1vHfNVr3kkBRETH+XgGXRlov1hmeYcA/5ihleFvU
gKsEtoKpsfhPhbxAr1bzqdNLgpyt2T3N/UtkkibnceA5cMQcTCPovYzE3zVSjNtK
32mGQHV6XYA9x0tpJslR1/1dE8WuO3SNXQxNtdBCmEWrakO4HIi04tLFR3oQlP6y
5YzjnsqSPW5dRawt+yk0Zr87NKeVESCQK3t4cmRyMJku+mqyMLSxL6b0kgyXcL6N
Us1rAtfP28ollEWtPEINOClu4Vk1Mt9+oIleRgoL2zRx3aPStpD1yQW9cNAyuKJz
YrpVKsg9UCSpR3Uyt7rnhDl5sFB9NOjq60T6MxcTEOy5kcARC8BiQO3+YPquj6K9
XivgxC4XmP8RpiscwieNuLujGc66pLBQjsB55bZpFba50eKE4a2ROmfJqj6tVDzW
F5mF3uflDWTb1smYTPxqkRQrYWNKCh7jFDsIfOi2ot4yytV9gTCcmil0O0mPbGaf
xlbYY2FM2fj9PzpXtdG8WzQnG3frMxmOlmOjA+QhfFK/WDRQn6PTrqQclNpdZ3WW
PMFUpBe0QjLdSlJarCuYhr4ouY6f9SUvZW7xv9qfqPJHwUHzli8l+iRxlsYdYw9y
eHs+HhJUvEY9uvO9rJJo
=12W1
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Carsten Schoenert <c.schoenert@t-online.de>:
Bug#898631; Package src:thunderbird.
(Sun, 27 May 2018 08:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to intrigeri <intrigeri@debian.org>:
Extra info received and forwarded to list. Copy sent to Carsten Schoenert <c.schoenert@t-online.de>.
(Sun, 27 May 2018 08:09:05 GMT) (full text, mbox, link).
Message #15 received at 898631@bugs.debian.org (full text, mbox, reply):
Hi Thunderbird maintainers!
My understanding (by reading some Thunderbird upstream mailing lists)
is that 52.8.0 only has part of the EFAIL fixes and the remaining
fixes will go into 52.8.1.
So perhaps this bug should not be marked as fixed in 1:52.8.0-1?
Or are the remaining problems tracked on another bug report that
I could not find?
Cheers,
--
intrigeri
Marked as found in versions thunderbird/1:52.7.0-1~deb9u1.
Request was from intrigeri <intrigeri@debian.org>
to control@bugs.debian.org.
(Sun, 27 May 2018 08:09:08 GMT) (full text, mbox, link).
Marked as found in versions thunderbird/1:52.6.0-1~deb9u1.
Request was from intrigeri <intrigeri@debian.org>
to control@bugs.debian.org.
(Sun, 27 May 2018 08:09:10 GMT) (full text, mbox, link).
Changed Bug title to 'thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances' from 'thunderbird: efail attack against S/MIME and PGP/MIME'.
Request was from Carsten Schoenert <c.schoenert@t-online.de>
to control@bugs.debian.org.
(Mon, 28 May 2018 20:15:04 GMT) (full text, mbox, link).
Severity set to 'serious' from 'grave'
Request was from Carsten Schoenert <c.schoenert@t-online.de>
to control@bugs.debian.org.
(Mon, 28 May 2018 20:15:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#898631; Package src:thunderbird.
(Mon, 28 May 2018 20:24:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Carsten Schoenert <c.schoenert@t-online.de>:
Extra info received and forwarded to list.
(Mon, 28 May 2018 20:24:03 GMT) (full text, mbox, link).
Message #28 received at 898631@bugs.debian.org (full text, mbox, reply):
Control: retitle 898631 thunderbird: still efail attack issue possible
against S/MIME and PGP/MIME in some circumstances
Hi again,
Am 27.05.2018 um 10:04 schrieb intrigeri:
> Hi Thunderbird maintainers!
>
> My understanding (by reading some Thunderbird upstream mailing lists)
> is that 52.8.0 only has part of the EFAIL fixes and the remaining
> fixes will go into 52.8.1.
that's correct, unfortunately.
> So perhaps this bug should not be marked as fixed in 1:52.8.0-1?
> Or are the remaining problems tracked on another bug report that
> I could not find?
No, right now there is no other issue to track this. I had finished all
my work on TB 52.8.0 before it was clear that the Efail thing isn't
fully fixed bu 52.8.0.
I wouldn't like to reopen the previous bug report and just use this one
here to keep tracking the remaining issue. Hopefully Mozilla will do a
release of 52.8.1 next week.
--
Regards
Carsten Schoenert
Changed Bug title to 'thunderbird: still efail attack issue possible' from 'thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances'.
Request was from Carsten Schoenert <c.schoenert@t-online.de>
to 898631-submit@bugs.debian.org.
(Mon, 28 May 2018 20:24:03 GMT) (full text, mbox, link).
Changed Bug title to 'thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances' from 'thunderbird: still efail attack issue possible'.
Request was from Carsten Schoenert <c.schoenert@t-online.de>
to control@bugs.debian.org.
(Mon, 28 May 2018 20:33:02 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 10 Aug 2018 07:26:27 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:04:07 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon