-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2005:226 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mozilla-thunderbird Date : December 12, 2005 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: A bug in enigmail, the GPG support extension for Mozilla MailNews and Mozilla Thunderbird was discovered that could lead to the encryption of an email with the wrong public key. This could potentially disclose confidential data to unintended recipients. The updated packages have been patched to prevent this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3256 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: a76040e992150836998fc822a99b7624 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.i586.rpm 591b78809b7425ece0f63f96b65d2d2b 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.2.20060mdk.i586.rpm 72f81a292f80666ac90f6b4d6da8a694 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.2.20060mdk.i586.rpm 5b45958f898c7a0da52227b1b7791eb8 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 7732c8c52831cdc49dcad7f27bf02ff7 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.x86_64.rpm 63d0f9a9e474b6cf8259ee0e3e867c54 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.2.20060mdk.x86_64.rpm 3440b4677c7938a8d948d1f20b97ec33 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.2.20060mdk.x86_64.rpm 5b45958f898c7a0da52227b1b7791eb8 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.src.rpm Corporate 3.0: fb13fdba83a8fb58fa7be5f879387776 corporate/3.0/RPMS/libnspr4-1.7.8-0.4.C30mdk.i586.rpm d2c026c3005bb117b168fa710b6707eb corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.4.C30mdk.i586.rpm 00fe306b2e32a43b668855ac07a7bc3a corporate/3.0/RPMS/libnss3-1.7.8-0.4.C30mdk.i586.rpm a1f58fd330e354d64098584a21075683 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.4.C30mdk.i586.rpm ed922dcfda867e3e6aae232358e410d9 corporate/3.0/RPMS/mozilla-1.7.8-0.4.C30mdk.i586.rpm 9af2dc6b388b787fa489dd6d50fd85e5 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.4.C30mdk.i586.rpm f8b427e76177e505f4c461c36c58a6f4 corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.4.C30mdk.i586.rpm 35ce2664bb8516b0adeb0bcf23814ffa corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.4.C30mdk.i586.rpm f794287f76a7aa84f8ab26a5f9e1390d corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.4.C30mdk.i586.rpm 886465435f0c81de9888a406ecfaf731 corporate/3.0/RPMS/mozilla-irc-1.7.8-0.4.C30mdk.i586.rpm 7852834c9f2b9b95d39abe8751d3849b corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.4.C30mdk.i586.rpm 42968285510df5716902b6566c8fc9fc corporate/3.0/RPMS/mozilla-mail-1.7.8-0.4.C30mdk.i586.rpm 72ce466eed134f651d10ea9120d21f53 corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.4.C30mdk.i586.rpm 99c49b1370c18c2fa14c9f20b04e148d corporate/3.0/SRPMS/mozilla-1.7.8-0.4.C30mdk.src.rpm Corporate 3.0/X86_64: 6642da49a0bdbec886a932fdab4d41e5 x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.4.C30mdk.x86_64.rpm 065391d250b7ceb31c01f12386cf3a04 x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.4.C30mdk.x86_64.rpm 07cf6b5f1d4ce2212b76fc265aace41a x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.4.C30mdk.x86_64.rpm e65788bcc7d582095b30a87431947a8f x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.4.C30mdk.x86_64.rpm a855523066d7b231da9ed889a995ad1a x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.4.C30mdk.x86_64.rpm 7b894f998bd344841c861387be21c2b3 x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.4.C30mdk.x86_64.rpm 7b5fc684552363acea77ab8f344d38f5 x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.4.C30mdk.x86_64.rpm 4e969e057bcdc0f763e269cbbfcd0fb9 x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.4.C30mdk.x86_64.rpm c84f31cefbbe5a92c1f1e6105a184fe8 x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.4.C30mdk.x86_64.rpm 28791c7db8d3d9802e8198dc599fad87 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.4.C30mdk.x86_64.rpm 0308af9d9050d5cdeafd0a9baac05d48 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.4.C30mdk.x86_64.rpm a993afbf2ed3e7d17734631b2ccee05c x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.4.C30mdk.x86_64.rpm 86f109cecac0a9de786f88d9400b0cf5 x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.4.C30mdk.x86_64.rpm 99c49b1370c18c2fa14c9f20b04e148d x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.4.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDngX+mqjQ0CJFipgRAsFrAJ9o36+SsC3J4vHtqufdLRK+KhjrlwCdHFTP ltbOZEx/kIvw+O9sBteLQsM= =V712 -----END PGP SIGNATURE-----
