Bug#403396: enigmail: security issue: attachments may be not encrypted
close 403396 thanks Heya, although I'm still not sure if this was a bug in 2:0.94.1-1 or if it was just my fault - at least the error didn't occur anymore in the last time. I didn't check if it was just fixed by 2:0.94.2-1 or just *someweirdthinggoingaway*, though. enigmail works just fine now. At least another bug closed :) Thanks, Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: [Enigmail] Bug#403396: enigmail: security issue: attachments may be not encrypted
Alexander Sack wrote:
> Hi ...
>
> I couldn't reproduce this debian bug report ... however before I miss
> something important, maybe you want to take a look at the code if
> there might be a case where attachments might not get encrypted
> ...
>
> For more info, please read http://bugs.debian.org/403396.
>
> BTS, Maybe keep bug email ([EMAIL PROTECTED]) CCed too.
>
> Thanks a lot,
I can't reproduce the bug neither. However, I doubt that the reporter
really did what he wrote. He reports that his prefs.js file contains the
following line:
user_pref("extensions.enigmail.encryptAttachments", 0);
But this means: "encrypt the message body, but not the attachments".
Thus I'm not surprised about the result.
-Patrick
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
Hi ... I couldn't reproduce this debian bug report ... however before I miss something important, maybe you want to take a look at the code if there might be a case where attachments might not get encrypted ... For more info, please read http://bugs.debian.org/403396. BTS, Maybe keep bug email ([EMAIL PROTECTED]) CCed too. Thanks a lot, On Sat, Dec 16, 2006 at 10:20:11PM +0100, Bernd Zeimetz wrote: > Package: enigmail > Version: 2:0.94.1-1 > Severity: important > > Heya, > > after some mails I just realized that attachments are not encrypted > (although encryption is selected) as long as you don't enter anything > into the mail's body. > This is a security issue for me, as you need to remember to add at least > to click into the body and hit a key if you want to have your > attachments encrypted. > - Alexander -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack| : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `-http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
> How do you configure b) because it works for me too.
>
hmm.
have you tested it with disabled signature?
here're all checked prefs:
openpgp-preferences:
- encrypt to self
- always trust user ID
- rewrap signed html
pgp/mime:
- allow to use pgp/mime
- hash: sha512
(but not selected while sending)
advanced:
- encrypt if replying to enc. mesg.
- treat -- as sig sep.
- use gpg agent
- load MIME parts on demand
from prefs.js:
user_pref("extensions.enigmail.agentPath", "/usr/bin/gpg");
user_pref("extensions.enigmail.composeHtmlAlertCount", 0);
user_pref("extensions.enigmail.configuredVersion", "0.94.1.0");
user_pref("extensions.enigmail.encryptAttachments", 0);
user_pref("extensions.enigmail.encryptAttachmentsSkipDlg", 1);
user_pref("extensions.enigmail.logDirectory", "/tmp/enigmail");
user_pref("extensions.enigmail.mimeHashAlgorithm", 5);
user_pref("extensions.enigmail.useGpgAgent", true);
Best regards,
Bernd
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
On Sun, Dec 17, 2006 at 12:11:29PM +0100, Bernd Zeimetz wrote: > > > > > > I cannot reproduce this ... how is enigmail configured? > > > > a) to send attachments with PGP/MIME? > > b) to encrypt each attachment inline? > > > the b) setting results in not encrypted attachments How do you configure b) because it works for me too. - Alexander -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack| : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `-http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
> > > I cannot reproduce this ... how is enigmail configured? > > a) to send attachments with PGP/MIME? > b) to encrypt each attachment inline? > the b) setting results in not encrypted attachments Works well in when I use a) Is there anything I can do for you to debug this? Best regards, Bernd Zeimetz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
On Sat, Dec 16, 2006 at 10:20:11PM +0100, Bernd Zeimetz wrote: > after some mails I just realized that attachments are not encrypted > (although encryption is selected) as long as you don't enter anything > into the mail's body. > This is a security issue for me, as you need to remember to add at least > to click into the body and hit a key if you want to have your > attachments encrypted. > I cannot reproduce this ... how is enigmail configured? a) to send attachments with PGP/MIME? b) to encrypt each attachment inline? - Alexander -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack| : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `-http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
Package: enigmail Version: 2:0.94.1-1 Severity: important Heya, after some mails I just realized that attachments are not encrypted (although encryption is selected) as long as you don't enter anything into the mail's body. This is a security issue for me, as you need to remember to add at least to click into the body and hit a key if you want to have your attachments encrypted. Best regards, Bernd Zeimetz -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.19-rc4 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages enigmail depends on: ii gnupg1.4.5-1 GNU privacy guard - a free PGP rep ii icedove 1.5.0.8.dfsg1-1 free/unbranded thunderbird mail cl ii libc62.3.6.ds1-8 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-19 GCC support library ii libstdc++6 4.1.1-19The GNU Standard C++ Library v3 enigmail recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
