Log Message:
thunderbird-enigmail: update to 2.0.9.

Enigmail 2.0.9

Released 2018-10-09, works with Thunderbird 60.0.

Notable Changes

This release addresses a security issue and solves a few regression bugs.

Bugs fixed:

    Check the full list of fixed defects.

Enigmail 2.0.8

Released 2018-08-04, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release addresses a security issue and solves a few regression bugs.

Bugs fixed:

    A security issue has been fixed that allows an attacker to prepare a plain, \ 
unauthenticated HTML message in a way that it looks like it's signed and/or \ 
encrypted.
    Check the full list of fixed defects.

Enigmail 2.0.7

Released 2018-06-13, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release addresses several critical security bugs.

Bugs fixed:

    Spoofing of Email signatures I (CVE-2018-12020): GnuPG 2.2.8 fixed a \ 
security bug that allows remote attackers to spoof arbitrary email signatures \ 
via the embedded "--filename" parameter in OpenPGP literal data \ 
packets. This release of Enigmail prevents the exploit for all versions of \ 
GnuPG, i.e. also if GnuPG is not updated.
    Spoofing of Email signatures II (CVE-2018-12019): The signature verification \ 
routine in Enigmail interpreted User IDs as status/control messages and did not \ 
correctly keep track of the status of multiple signatures. This allowed remote \ 
attackers to spoof arbitrary email signatures via public keys containing crafted \ 
primary user ids.
    Mozilla crash bug 1423895: if Enigmail is installed on Thunderbird 60b7 \ 
together with the Add-Ons "CardBook", "QuickFolders" (and \ 
possibly other Add-Ons), then Thunderbird will crash as soon as an \ 
Enigmail-specific window is opened. This version implements a workaround for the \ 
Mozilla bug.

Enigmail 2.0.6

Released 2018-05-27, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release addresses a vulnerability that would allow an attacker to make a \ 
victim respond to a partially encrypted message and thus reveal protected \ 
information.

Bugs fixed:

Check the full list of fixed defects.

Enigmail 2.0.5

Released 2018-05-21, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release implements a fix that prevents any form of the Efail vulnerability \ 
and similar attacks. We recommend to upgrade to this version as soon as \ 
possible.

Bugs fixed:

Check the full list of fixed defects.

Enigmail 2.0.4

Released 2018-05-16, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release implements two workarounds to prevent from Efail vulnerabilities. \ 
We recommend to upgrade to this version as soon as possible.

Bugs fixed:

Check the full list of fixed defects.

Enigmail 2.0.3

Released 2018-05-08, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release addresses several defects, including a crash when accessing \ 
encrypted forwarded messages.

Bugs fixed:

Check the full list of fixed defects.

Enigmail 2.0.2

Released 2018-04-12, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release addresses some regressions found in version 2.0/2.0.1.

Bugs fixed:

Check the full list of fixed defects.

Enigmail 2.0.1

Released 2018-04-02, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

This release addresses several defects found in version 2.0.

Bugs fixed:

    S/MIME signing/encryption not working correctly, if Enigmail is not enabled \ 
for an account
    Emails fail to decrypt if the sender address contains brackets
    Autocrypt-headers may flip manually created per-recipient rules
    The key manager does not load if no key on the keyring

Check the full list of fixed defects.

Enigmail 2.0

Released 2018-03-25, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.

Notable Changes

    The Encryption and Signing buttons now work for both OpenPGP and S/MIME. \ 
Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for \ 
all recipients are available for the respective standard.
    Support for Pretty Easy Privacy (p≡p) is implemented in Enigmail. p≡p is \ 
active by default for new users.
    Support for the Autocrypt standard, which is now enabled by default. If \ 
Enigmail is used in the "classical mode" (with p≡p disabled) then \ 
Autocrypt is enabled by default.
    Support for Web Key Directory (WKD) is implemented. Enigmail will try to \ 
download unavailable keys during message composition from WKD. If you use GnuPG \ 
2.2.x, and your provider supports the Web Key Service protocol, you can also use \ 
Enigmail to upload your key to WKD.
    The message subject can now be encrypted and replaced with a dummy subject, \ 
following the Memory Hole standard for protected Email Headers.
    The keys on the keyring are automatically refreshed from keyservers at an \ 
irregular interval.
    Enigmail was turned into a "restartless" addon. That is, once you \ 
installed Enigmail 2.0, subsequent updates will be installed without needing to \ 
restart Thunderbird.
    Keys are internally addressed using the fingerprint instead of the key ID.
    The minimum GnuPG version supported is now 2.0.16.
    Cygwin-versions of GnuPG are no longer supported.

Bugs fixed

Many bugs were fixed. Check the list of fixed defects.