Re: [Tails-dev] #8999: Claws Mail leaks cleartext of encrypt…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] #8999: Claws Mail leaks cleartext of encrypted email to the IMAP server
intrigeri wrote (07 May 2015 13:44:31 GMT) :
> Before publishing, you'll want to check that the attached images don't
> show up in the Atom/RSS feeds.


The attached images did show up on top of the feeds, and the
notification end-users were seeing since the publication of the
advisory was:

* local folders.png
* select inbox.png
* add mailbox.png

Now fixed, in a way that should make our stuff more robust against
such omissions in the future. And applied the robustness improvement
in a few more places as well, because why not.

=> lesson learnt: after publishing a security advisory, boot Tails to
make sure it looks like what you believe it does :)

Cheers,
--
intrigeri