Date: Wed, 16 May 2018 17:22:32 +1000 From: Brian May <bam@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities Leo Gaspard <oss-security@....gaspard.ninja> writes: > Just to add in about Thunderbird with Enigmail after 2.0.0: > > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060325.html > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060327.html > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060329.html > > So it looks like data encrypted with CAST5 (and possibly 3DES?) may be > at risk even with Enigmail 2.0.0, with what I guess is latest GnuPG > (don't know whether it is with 1.4, 2.2 or both, though), likely due to > a GnuPG bug. >From https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060361.html: "We should also be very careful to note that none of this discussion thread applies to the MIME concatenation vulnerability, which is a problem in Thunderbird and other mail clients, and which cannot be solved by gnupg." -- Brian May <bam@...ian.org>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ