Bug#403396: enigmail: security issue: attachments may be not encrypted
close 403396 thanks Heya, although I'm still not sure if this was a bug in 2:0.94.1-1 or if it was just my fault - at least the error didn't occur anymore in the last time. I didn't check if it was just fixed by 2:0.94.2-1 or just *someweirdthinggoingaway*, though. enigmail works just fine now. At least another bug closed :) Thanks, Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: [Enigmail] Bug#403396: enigmail: security issue: attachments may be not encrypted
Alexander Sack wrote: > Hi ... > > I couldn't reproduce this debian bug report ... however before I miss > something important, maybe you want to take a look at the code if > there might be a case where attachments might not get encrypted > ... > > For more info, please read http://bugs.debian.org/403396. > > BTS, Maybe keep bug email ([EMAIL PROTECTED]) CCed too. > > Thanks a lot, I can't reproduce the bug neither. However, I doubt that the reporter really did what he wrote. He reports that his prefs.js file contains the following line: user_pref("extensions.enigmail.encryptAttachments", 0); But this means: "encrypt the message body, but not the attachments". Thus I'm not surprised about the result. -Patrick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
Hi ... I couldn't reproduce this debian bug report ... however before I miss something important, maybe you want to take a look at the code if there might be a case where attachments might not get encrypted ... For more info, please read http://bugs.debian.org/403396. BTS, Maybe keep bug email ([EMAIL PROTECTED]) CCed too. Thanks a lot, On Sat, Dec 16, 2006 at 10:20:11PM +0100, Bernd Zeimetz wrote: > Package: enigmail > Version: 2:0.94.1-1 > Severity: important > > Heya, > > after some mails I just realized that attachments are not encrypted > (although encryption is selected) as long as you don't enter anything > into the mail's body. > This is a security issue for me, as you need to remember to add at least > to click into the body and hit a key if you want to have your > attachments encrypted. > - Alexander -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack| : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `-http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
> How do you configure b) because it works for me too. > hmm. have you tested it with disabled signature? here're all checked prefs: openpgp-preferences: - encrypt to self - always trust user ID - rewrap signed html pgp/mime: - allow to use pgp/mime - hash: sha512 (but not selected while sending) advanced: - encrypt if replying to enc. mesg. - treat -- as sig sep. - use gpg agent - load MIME parts on demand from prefs.js: user_pref("extensions.enigmail.agentPath", "/usr/bin/gpg"); user_pref("extensions.enigmail.composeHtmlAlertCount", 0); user_pref("extensions.enigmail.configuredVersion", "0.94.1.0"); user_pref("extensions.enigmail.encryptAttachments", 0); user_pref("extensions.enigmail.encryptAttachmentsSkipDlg", 1); user_pref("extensions.enigmail.logDirectory", "/tmp/enigmail"); user_pref("extensions.enigmail.mimeHashAlgorithm", 5); user_pref("extensions.enigmail.useGpgAgent", true); Best regards, Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
On Sun, Dec 17, 2006 at 12:11:29PM +0100, Bernd Zeimetz wrote: > > > > > > I cannot reproduce this ... how is enigmail configured? > > > > a) to send attachments with PGP/MIME? > > b) to encrypt each attachment inline? > > > the b) setting results in not encrypted attachments How do you configure b) because it works for me too. - Alexander -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack| : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `-http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
> > > I cannot reproduce this ... how is enigmail configured? > > a) to send attachments with PGP/MIME? > b) to encrypt each attachment inline? > the b) setting results in not encrypted attachments Works well in when I use a) Is there anything I can do for you to debug this? Best regards, Bernd Zeimetz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
On Sat, Dec 16, 2006 at 10:20:11PM +0100, Bernd Zeimetz wrote: > after some mails I just realized that attachments are not encrypted > (although encryption is selected) as long as you don't enter anything > into the mail's body. > This is a security issue for me, as you need to remember to add at least > to click into the body and hit a key if you want to have your > attachments encrypted. > I cannot reproduce this ... how is enigmail configured? a) to send attachments with PGP/MIME? b) to encrypt each attachment inline? - Alexander -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack| : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `-http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#403396: enigmail: security issue: attachments may be not encrypted
Package: enigmail Version: 2:0.94.1-1 Severity: important Heya, after some mails I just realized that attachments are not encrypted (although encryption is selected) as long as you don't enter anything into the mail's body. This is a security issue for me, as you need to remember to add at least to click into the body and hit a key if you want to have your attachments encrypted. Best regards, Bernd Zeimetz -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.19-rc4 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages enigmail depends on: ii gnupg1.4.5-1 GNU privacy guard - a free PGP rep ii icedove 1.5.0.8.dfsg1-1 free/unbranded thunderbird mail cl ii libc62.3.6.ds1-8 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-19 GCC support library ii libstdc++6 4.1.1-19The GNU Standard C++ Library v3 enigmail recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]