{"affected":[{"ecosystem_specific":{"binaries":[{"enigmail":"1.9.9-6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"enigmail","purl":"pkg:rpm/suse/enigmail&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.9-6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for enigmail to version 1.9.9 fixes the following issues (boo#1073858):\n\n* Enigmail could be coerced to use a malicious PGP public key with a corresponding secret key controlled by an attacker\n* Enigmail could have replayed encrypted content in partially encrypted e-mails, allowing a plaintext leak\n* Enigmail could be tricked into displaying incorrect signature  verification results\n* Specially crafted content may cause denial of service\n","id":"openSUSE-SU-2017:3427-1","modified":"2017-12-22T15:45:46Z","published":"2017-12-22T15:45:46Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IELFUJMXO4YPO5RI5KA64NG5BIRXU4QY/#IELFUJMXO4YPO5RI5KA64NG5BIRXU4QY"},{"type":"REPORT","url":"https://bugzilla.suse.com/1073858"}],"related":[],"summary":"Security update for enigmail","upstream":[]}