Hi
According to the update in the security-tracker done by Moritz for
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed21bb0c20a2272745fb959f4c1da58a44ce32e7#4716ef5aa8f2742228ba3b3633215c8b808565e3_72290_72286
we might close this related issue for kmail, but not doing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, 2018-05-16 at 13:04 +0200, Sandro Knauß wrote:
> > There's a misunderstanding. My point isn't about PGP/MIME (which is indeed
> > handled by gnupg, even if through gpgme), but about S/MIME, which I really
> > don't think it handled by
> There's a misunderstanding. My point isn't about PGP/MIME (which is indeed
> handled by gnupg, even if through gpgme), but about S/MIME, which I really
> don't think it handled by anything related to gnupg.
It is - the binary and package is called gpgsm and is part of gnupg souce
tarball.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, 2018-05-16 at 12:33 +0200, Sandro Knauß wrote:
> > Thanks, that's good to know.
>
> Should I prepare a update with those patches for stable?
Yes I think it'd be worth it.
>
> > > For a more detailed look for KMail and EFail see the
> Ok. Other clients like Evolution and Trojita also had an issue with DNS
> prefetching which could be re-enabled in Webkit. Not sure on what library
> KMail relies for HTML rending but it might be worth checking that too?
>
> See https://bugs.webkit.org/show_bug.cgi?id=182924 for the webkit bug
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, 2018-05-16 at 11:44 +0200, Sandro Knauß wrote:
> Hey,
Hi Sandro, thanks for the update on this.
>
> For S/MIME the situation is that it is a conceptional weakness in the
> standard
> to remove the target vector completely.
Agreed, and
Hey,
For S/MIME the situation is that it is a conceptional weakness in the standard
to remove the target vector completely.
In KMail we have the best handling that we can get at the moment (with default
settings). KMail never access resources from the internet without asking the
user or an
Source: kmail
Severity: grave
Tags: security
Justification: user security hole
Hi,
as you may already know, a paper was published this morning describing a
vulnerability known as efail against S/MIME and PGP/MIME implementations
in various mail clients.
This vulnerability allows an attacker
8 matches
Mail list logo