oss-sec mailing list archives
Re: Enigmail warning
From: cve-assign () mitre org
Date: Thu, 21 Aug 2014 23:34:12 -0400 (EDT)
http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/
This seems to discuss at least two non-identical issues.

http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#b315 and http://sourceforge.net/p/enigmail/bugs/294/ are about "an email with only Bcc recipients is sent in plain text." This is assigned CVE-2014-5369.

http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#10f1 and http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#0a5a are about one or more issues in which there is unexpected cleartext e-mail transmission unrelated to use of Bcc. This perhaps requires a non-default configuration. It is conceivable -- although perhaps unlikely -- that the problem is a UI bug (e.g., an encryption choice is presented even when the product is configured to never use encryption). In any case, none of this has a CVE assignment yet. There isn't enough information to determine whether to assign zero, one, or two additional CVE IDs. The scope of CVE-2014-5369 is only the behavior that occurs when all recipients are Bcc recipients.

Finally, these are additional (possibly related) references that haven't yet been mentioned on oss-security:

http://sourceforge.net/p/enigmail/bugs/290/
http://twitter.com/mtigas/statuses/494228366028210176/photo/1

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]