Re: serious bug / 1.7.8-1sarge7.2.1_i386 / URGENT
Dale Amon wrote:
> On Tue, Sep 05, 2006 at 01:04:40AM +0200, Von Wolher wrote:
>>Thank you very much for the lightspeed reaction and fix !!!
>>I'll set those extra lines in the sources.list of a few general use
>>boxes which also run pure debian sarge and will keep you updated in case
>>an updated doesn't workout.
> Perhaps I am not the only one who has seen problems
> in recent firefox updates then... I can reliably crash
> my firefox browser simply by going to google maps. It
> starts loading the map... and then falls over.
guys, where do i start...i just noticed today that since that update
which messed up mozilla mail+news/enigmail all messages which should
have been signed AND encrypted got only signed !!!
Which means everything went in the cleartext !!!
I'm a bit speechless here to what more to say :(
Can some one check this ?
Here i include also the message of our previous communication:
On Mon, Sep 04, 2006 at 07:31:30PM +0200, Von Wolher wrote:
>> Hello Kitame,
>> I'm sorry to approach you like this but we got a very urgent situation
>> which was caused by the latest update for mozilla-*. This update messed
>> up enigmail completely. We got now 5 systems showing the exact
>> behaviour. They use Mozilla 1.7.8 (latest sarge) and enigmail (latest
>> sarge). Enigmail doesn't show any keys anymore in the key management
>> window and some options might be missing from the key menu too.
>> We checked with gpg on the commandline and luckily everything was there
>> in the rings and also working fine on the commandline.
>> These boxes run the official sarge release, no backports or anything
>> exotic on them, pure sarge debian. Please let me know how to solve this
>> problem since our users can't work on the commandline.
>> To be sure, it happened with the latest update:
>> [SECURITY] [DSA 1160-1] New Mozilla packages fix several vulnerabilities
>> after installing that with apt-get enigmail stopped working properly.
As you can still use enigmail core features, aka encrypt/decrypt and
sign/verify it has yet to be decided if we will roll-out an updated
package for this issue. In any case, if we push a dedicated update for
this, it will take some days until all architectures finished the new
To give you instant cure - if you are using i386 - there will be a fix
in my security preview archive  in approx. one hour from now
FWIW, we need more volunteers (pure desktop sarge users) that help
testing mozilla updates before they get rolled out in order to prevent
bugs like this to slip through in future. For sarge we completely rely on
the help of our community to do QA which is not provided by the mozilla
project anymore - they have abandoned security support for versions
shipped in sarge.
To help, just keep the security archive lines  in your
sources.list and upgrade regularly. Better monitor my blog (see sig)
to get informed if a new security update is about to land. If there is
a new security update, keep your eyes open for new bugs and report
them to me.