CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.

References

Affected packages

Git / github.com/gstreamer/gst-plugins-ugly

Affected ranges

Type: GIT
Repo: https://github.com/gstreamer/gst-plugins-ugly
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3d70e6af96ac76abcfb788b708db35b6f4ae548a

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.1.1

1.1.2

1.1.3

1.1.4

1.1.90

1.2.0

1.3.1

1.3.2

1.3.3

1.3.90

1.3.91

1.4.0

1.5.1

1.5.2

1.5.90

1.5.91

1.6.0

1.7.1

1.7.2

1.7.90

1.7.91

1.8.0

1.9.1

1.9.2

Other

BEFORE_INDENT

BRANCH-ERROR-ROOT

BRANCH-EVENTS2-ROOT

BRANCH-GSTREAMER-0_8-ROOT

CAPS

CAPS-MERGE-3

CAPS-ROOT

CHANGELOG_START

GIT_CONVERSION

MOVE-TO-FDO

OSLOSUMMIT1-200303051

RELEASE-0_10_0

RELEASE-0_10_1

RELEASE-0_10_10

RELEASE-0_10_11

RELEASE-0_10_2

RELEASE-0_10_3

RELEASE-0_10_4

RELEASE-0_10_5

RELEASE-0_10_6

RELEASE-0_10_7

RELEASE-0_10_8

RELEASE-0_10_9

RELEASE-0_9_1

RELEASE-0_9_3

RELEASE-0_9_4

RELEASE-0_9_5

RELEASE-0_9_6

RELEASE-0_9_7

TYPEFIND-ROOT

start

RELEASE-0.*

RELEASE-0.10.12

RELEASE-0.10.13

RELEASE-0.10.14

RELEASE-0.10.15

RELEASE-0.10.16

RELEASE-0.10.17

RELEASE-0.10.18

RELEASE-0.11.1

RELEASE-0.11.2

RELEASE-0.11.90

RELEASE-0.11.91

RELEASE-0.11.92

RELEASE-0.11.93

RELEASE-0.11.94

RELEASE-0.11.99

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-17843.json"