[Enigmail] [ANN] Enigmail v1.9.9 available

Patrick Brunschwig patrick at enigmail.net
Tue Dec 19 08:45:29 CET 2017


I'm happy to announce the availability of Enigmail v1.9.9 for
Thunderbird version 52.x and SeaMonkey 2.46.

This version addresses a number of security vulnerabilities discovered
by Cure53 during an audit of Thunderbird with Enigmail. The audit report
covers both Thunderbird and Enigmail. As some vulnerabilities are still
unfixed on the side of Thunderbird, we currently only publish an excerpt
of the report with the issues found in Enigmail [1].

Enigmail is one of the most widely used tool for OpenPGP email
encryption. Yet it took 16(!) years of development until the first
security audit was performed. It was more than overdue, and I would like
to thank Posteo (www.posteo.de) for taking the initiative and
co-financing an audit report together with the Mozilla Foundation. Not
very surprising for such an old project, the audit report revealed a
number of important issues that were addressed now.


Changes
=======

See the Pentest Report for Enigmail by Cure53 [1].
In addition, Bug 709 was fixed [2].


Obtaining Enigmail
==================
Enigmail can be downloaded from
<https://www.enigmail.net/index.php/en/download/>

The changelog is available from
<https://www.enigmail.net/index.php/en/download/changelog>


Additional Remarks
==================
Beta versions of Thunderbird require a nightly build of Enigmail,
i.e. Enigmail v1.9.x will not work with Thunderbird 56b1 and newer.

-Patrick



[1]
<https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf>
[2] <https://sourceforge.net/p/enigmail/bugs/709/>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/attachments/20171219/20c7d6d2/attachment.sig>


More information about the enigmail-users mailing list