Re: [Tails-dev] #8999: Claws Mail leaks cleartext of encrypt…

Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] #8999: Claws Mail leaks cleartext of encrypted email to the IMAP server [was: Re: PGP MIME is insecure (for me)]
sajolida:
> During the last monthly meeting I volunteered to issue a security
> advisory about the fact that Claws saved unencrypted emails to Drafts
> and Queue folders on the IMAP server.
>
> I've been gathering info and doing shitloads of testing, and I think we
> have (almost) all the information to explain this properly and fix what
> can be fixed in Tails.
>
> So please review and comment on the synopsis from #9161.


During the monthly meeting I realized that my analysis was actually
pretty wrong all the way. Thanks everybody for correcting me!

So here is a draft of the security advisory, please review and comment:

https://tails.boum.org/blueprint/claws_mail_leaks_plaintext_to_imap/

I'd like to publish it on Thursday morning (or early afternoon) to have
it visible over the weekend before the release.

I pointed upstream to it on
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965#c9.

On Thursday, I'll also integrate this in the Claws Mail doc and fix
#9159 at last.

--
sajolida