Re: [Tails-dev] Electrum in Tails has a serious bug

[drwhax]

Hi Amir,

Please see: https://labs.riseup.net/code/issues/15022

Thanks

On 2018-02-06 13:17, Amir Taaki wrote:
> Dear Tails developers,
> 
> The current version of Electrum in Tails (2.7) has an attack vector via
> open RPC with password-less wallets.
> 
> Because Tails has encrypted persistence, many users are likely to use
> Electrum on Tails without password protection.
> 
> For more information, see here:
> 
> https://github.com/spesmilo/electrum-docs/blob/master/cve.rst
> 
> Fix: update the Electrum version to the current tarball on the download
> page (3.0.6).
> 
> Best regards and respect for your continued efforts,
> Amir
> ___
> Tails-dev mailing list
> Tails-dev@boum.org
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> tails-dev-unsubscr...@boum.org.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

[Tails-dev] Electrum in Tails has a serious bug

[Amir Taaki]

Dear Tails developers,

The current version of Electrum in Tails (2.7) has an attack vector via
open RPC with password-less wallets.

Because Tails has encrypted persistence, many users are likely to use
Electrum on Tails without password protection.

For more information, see here:

https://github.com/spesmilo/electrum-docs/blob/master/cve.rst

Fix: update the Electrum version to the current tarball on the download
page (3.0.6).

Best regards and respect for your continued efforts,
Amir
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.