An alert was issued today on the Debian site concerning a bug in Enigmail.
Patching Enigmail is highly recommended if you use it with Mozilla MailNews or Mozilla Thunderbird as a PGP management module.
Package: enigmail
Version: 2:0.91-4
The problem:
If there is a key on your keyring that has an empty UID (no name, e-mail address, etc.), mail may be encrypted to that UID even though the user did not choose it as a recipient. This may lead to disclosure of confidential data to others.
Patch your enigmail: http://bugs.debian.org/cgi-bin/bugreport.cgi/security-patch.txt?bug=335731;msg=5;att=1
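To see whether a keyring holds a key that meets the condition described above, the following added example (not part of the Debian report or of Enigmail) scans GnuPG's machine-readable key listing for empty user IDs. It assumes `gpg --with-colons --fixed-list-mode` output, where each user ID sits in field 10 of a `uid` record; the function names and the sample listing are constructed for illustration.

```python
import subprocess

# Constructed sample of `gpg --with-colons --fixed-list-mode --list-keys` output.
# The second key has a uid record whose user ID field (field 10) is empty.
SAMPLE = """\
tru::1:1130000000:0:3:1:5
pub:u:1024:17:AAAAAAAAAAAAAAA1:1100000000:::u:::scESC:
uid:u::::1100000000::::Alice Example <alice@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBB1:1100000000::::::e:
pub:-:1024:17:AAAAAAAAAAAAAAA2:1100000001:::-:::scESC:
uid:-::::1100000001:::::
sub:-:2048:16:BBBBBBBBBBBBBBB2:1100000001::::::e:
"""

def keys_with_empty_uid(colon_listing):
    """Return IDs of public keys that have an empty user ID or none at all."""
    flagged = []
    current = None   # key ID of the pub record currently being read
    uids = []        # user ID strings collected for that key

    def finish():
        # A key is suspect if it has no uid record or any blank uid string.
        if current is not None and (not uids or any(not u.strip() for u in uids)):
            flagged.append(current)

    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            finish()
            current = fields[4] if len(fields) > 4 else "?"
            uids = []
        elif fields[0] == "uid" and current is not None:
            uids.append(fields[9] if len(fields) > 9 else "")
    finish()
    return flagged

def scan_local_keyring():
    """Run gpg on the default keyring and report keys with empty user IDs."""
    out = subprocess.run(
        ["gpg", "--batch", "--with-colons", "--fixed-list-mode", "--list-keys"],
        capture_output=True, encoding="utf-8", errors="replace", check=True,
    ).stdout
    return keys_with_empty_uid(out)

if __name__ == "__main__":
    print(keys_with_empty_uid(SAMPLE))
```

Any key ID returned by `scan_local_keyring()` is worth inspecting by hand before mail is encrypted with an unpatched Enigmail.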