Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 May 2018 12:29:51 +0200
From: Christian Brabandt <>
Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities

On Mo, 14 Mai 2018, Yves-Alexis Perez wrote:

> I guess most people have already saw  this, but just in case, it seems that a
> vulnerability in PGP/MIME and S/MIME handling in various mail clients will be
> published tomorrow.
> Debian Security team didn't get any private information yet, but there have
> been multiple twitter threads and blog posts published already:
> bugs-can-reveal-encrypted-e-mails-uninstall-now/
> require-you-take-action-now
> GnuPG has posted a tweet (
> indicating it's likely a vulnerability in mail clients themselves and not in
> the protocol, and which is related to HTML mail handling.
> The vulnerabilities apparently enable an attacker to decrypt previous mails,
> but my (wild) guess is that the attack actually requests decryption from the
> mail client (which has access to the private key), rather than by actually
> decrypting itself.

Looks like details have just been published:

Ein Flirt ohne tiefere Absicht ist ungefähr so sinnvoll wie ein
Fahrplan ohne Eisenbahn.
		-- William Somerset Maugham

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ