Date: Wed, 16 May 2018 17:22:32 +1000
From: Brian May <bam@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities

Leo Gaspard <oss-security@....gaspard.ninja> writes:

> Just to add in about Thunderbird with Enigmail after 2.0.0:
>
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060325.html
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060327.html
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060329.html
>
> So it looks like data encrypted with CAST5 (and possibly 3DES?) may be
> at risk even with Enigmail 2.0.0, with what I guess is latest GnuPG
> (don't know whether it is with 1.4, 2.2 or both, though), likely due to
> a GnuPG bug.

From https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060361.html:

"We should also be very careful to note that none of this discussion
thread applies to the MIME concatenation vulnerability, which is a
problem in Thunderbird and other mail clients, and which cannot be
solved by gnupg."
-- 
Brian May <bam@...ian.org>
