Date: Wed, 16 May 2018 17:22:32 +1000 From: Brian May <bam@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities Leo Gaspard <oss-security@....gaspard.ninja> writes: > Just to add in about Thunderbird with Enigmail after 2.0.0: > > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060325.html > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060327.html > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060329.html > > So it looks like data encrypted with CAST5 (and possibly 3DES?) may be > at risk even with Enigmail 2.0.0, with what I guess is latest GnuPG > (don't know whether it is with 1.4, 2.2 or both, though), likely due to > a GnuPG bug. >From https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060361.html: "We should also be very careful to note that none of this discussion thread applies to the MIME concatenation vulnerability, which is a problem in Thunderbird and other mail clients, and which cannot be solved by gnupg." -- Brian May <bam@...ian.org>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.