CVE-2017-17848

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.

References

Affected packages

Git / github.com/gstreamer/gst-plugins-ugly

Affected ranges

Type: GIT
Repo: https://github.com/gstreamer/gst-plugins-ugly
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3d70e6af96ac76abcfb788b708db35b6f4ae548a

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.1.1

1.1.2

1.1.3

1.1.4

1.1.90

1.2.0

1.3.1

1.3.2

1.3.3

1.3.90

1.3.91

1.4.0

1.5.1

1.5.2

1.5.90

1.5.91

1.6.0

1.7.1

1.7.2

1.7.90

1.7.91

1.8.0

1.9.1

1.9.2

Other

BEFORE_INDENT

BRANCH-ERROR-ROOT

BRANCH-EVENTS2-ROOT

BRANCH-GSTREAMER-0_8-ROOT

CAPS

CAPS-MERGE-3

CAPS-ROOT

CHANGELOG_START

GIT_CONVERSION

MOVE-TO-FDO

OSLOSUMMIT1-200303051

RELEASE-0_10_0

RELEASE-0_10_1

RELEASE-0_10_10

RELEASE-0_10_11

RELEASE-0_10_2

RELEASE-0_10_3

RELEASE-0_10_4

RELEASE-0_10_5

RELEASE-0_10_6

RELEASE-0_10_7

RELEASE-0_10_8

RELEASE-0_10_9

RELEASE-0_9_1

RELEASE-0_9_3

RELEASE-0_9_4

RELEASE-0_9_5

RELEASE-0_9_6

RELEASE-0_9_7

TYPEFIND-ROOT

start

RELEASE-0.*

RELEASE-0.10.12

RELEASE-0.10.13

RELEASE-0.10.14

RELEASE-0.10.15

RELEASE-0.10.16

RELEASE-0.10.17

RELEASE-0.10.18

RELEASE-0.11.1

RELEASE-0.11.2

RELEASE-0.11.90

RELEASE-0.11.91

RELEASE-0.11.92

RELEASE-0.11.93

RELEASE-0.11.94

RELEASE-0.11.99

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-17848.json"