Date: Wed, 16 May 2018 17:22:32 +1000
From: Brian May <bam@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities

Leo Gaspard <oss-security@....gaspard.ninja> writes:

> Just to add in about Thunderbird with Enigmail after 2.0.0:
>
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060325.html
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060327.html
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060329.html
>
> So it looks like data encrypted with CAST5 (and possibly 3DES?) may be
> at risk even with Enigmail 2.0.0, with what I guess is latest GnuPG
> (don't know whether it is with 1.4, 2.2 or both, though), likely due to
> a GnuPG bug.

From https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060361.html:

"We should also be very careful to note that none of this discussion
thread applies to the MIME concatenation vulnerability, which is a
problem in Thunderbird and other mail clients, and which cannot be
solved by gnupg."
-- 
Brian May <bam@...ian.org>
