On Sat, Mar 17, 2007 at 10:25:11AM +0100, Daniel Schröter wrote:
> From
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1264
> "Enigmail 0.94.2 and earlier does not properly use the --status-fd
> argument when invoking GnuPG, which prevents Enigmail from visually
> distinguishing between signed and unsigned portions of OpenPGP messages
> with multiple components, which allows remote attackers to forge the
> contents of a message without detection."
>
> In Debian this problem just occurs if the patch for gnupg is not
> installed. That's why I tagged it as "important" and not "critical".
>
> Can you please update enigmail to version 0.94.3 (or backport the patch).

The gnupg update fixed the security issue. Everything else is just
improved visualization.

- Alexander

