Processed: Re: Bug#898631: thunderbird: efail attack against S/MIME and PGP/MIME
Processing control commands: > retitle 898631 thunderbird: still efail attack issue possible Bug #898631 {Done: Carsten Schoenert } [src:thunderbird] thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances Changed Bug title to 'thunderbird: still efail attack issue possible' from 'thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances'. -- 898631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898631 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#898631: thunderbird: efail attack against S/MIME and PGP/MIME
Control: retitle 898631 thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances Hi again, Am 27.05.2018 um 10:04 schrieb intrigeri: > Hi Thunderbird maintainers! > > My understanding (by reading some Thunderbird upstream mailing lists) > is that 52.8.0 only has part of the EFAIL fixes and the remaining > fixes will go into 52.8.1. that's correct, unfortunately. > So perhaps this bug should not be marked as fixed in 1:52.8.0-1? > Or are the remaining problems tracked on another bug report that > I could not find? No, right now there is no other issue to track this. I had finished all my work on TB 52.8.0 before it was clear that the Efail thing isn't fully fixed bu 52.8.0. I wouldn't like to reopen the previous bug report and just use this one here to keep tracking the remaining issue. Hopefully Mozilla will do a release of 52.8.1 next week. -- Regards Carsten Schoenert
Bug#898631: thunderbird: efail attack against S/MIME and PGP/MIME
Hi Thunderbird maintainers! My understanding (by reading some Thunderbird upstream mailing lists) is that 52.8.0 only has part of the EFAIL fixes and the remaining fixes will go into 52.8.1. So perhaps this bug should not be marked as fixed in 1:52.8.0-1? Or are the remaining problems tracked on another bug report that I could not find? Cheers, -- intrigeri
Bug#898631: thunderbird: efail attack against S/MIME and PGP/MIME
Source: thunderbird Severity: grave Tags: security Justification: user security hole Hi, as you might already be aware, an attack has been published against PGP/MIME and S/MIME handling in various mail clients, including Thunderbird. I've already reported a bug against enigmail, since PGP handling seems mostly restricted to enigmail, but the S/MIME part is handled directly in Thunderbird as far as I can tell. We'll likely have to issue a DSA too. Regards, -- Yves-Alexis -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled