[Secure-testing-team] Bug#747546: icedove: openpgp failed without error message after update to 24.4.0-1~deb7 version

[Jonas Smedegaard]

Package: icedove
Version: 17.0-1
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

 1) Install stable iceweasel and enigmail.
 2) Update to newest iceweasel from stable-security
 3) Iceweasel silently skipping enigmail signing/encryption

This is *not* a duplicate of bug#746348, as the issue here is not one of
needing to restart the application after upgrading packages, but instead
is one of package dependencies needing tightening.

Older enigmail does not work with newer icedove.

Older enigmail had no crystalball so could not protect against this.  Or
arguably it could've blindly assumed to require same major version, but
that's too late now.

Newer enigmail does what it can: depends versioned on icedove.  That
does not help against lack of upgrading it, however - which can happen
e.g. with bug#747532.

Only safe approach I can see possible now, is for icedove to declare
that it breaks older enigmail.

I believe that fix needs to urgently go to stable-updates.


 - Jonas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQF8BAEBCgBmBQJTbTHbXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3NjQ4ODQwMTIyRTJDNTBFQzUxRDQwRTI0
RUMxQjcyMjM3NEY5QkQ2AAoJEE7BtyI3T5vWfxkIALdHIb0iINmVH/lgCt40ACI1
6+G9+KpeuZyeHBwe9ptv0H3DMbxvG11E/vD+Edp7YHRY0T9KzvkHcZBHegprIB2e
sELqR/8HNvS0a6WFhrbsGEdUfJ6CZzmRzAXAmMqsIG+TQzTGenMuZQV7d0ZodJXb
mwAzWYlmKpK/aNgjdYMdvL2onuZKDBAB9tYXgf0CzCYqmQjBtYbVfAM4s4uUb60w
usMQ1FBUUNeyhAFklCVsM0Xd0zLSsVdTSmUPMUP0bkwPwbR2QaJXmRzkEAQ184GL
R6nHvPlVlw9ocv5QBFTGN1kJI1nRCYAkbB/EmLZL8rlO8kfm3Ri2oOwsfOm1IwI=
=JI9R
-----END PGP SIGNATURE-----