Most other GnuPG-enabled mail clients in Trisquel use GpgME, as far as I know, so they should not be vulnerable to EFail at all, but I did not test any of them.
The GnuPG package in Trisquel 8 does not seem to be vulnerable to maliciously
crafted embedded filenames anymore (which is the vulnerability that enabled
SigSpoof, as far as I remember). At least when I tested it, the embedded
filename got sanitized correctly.
I also checked Enigmail, and the version that currently comes with Trisquel 8
appears to be built in October of 2018, which is some time after the
discovery of EFail, so I'd assume that it has been patched as well, and I
haven't heard of any additional vulnerabilities since then.
To be extra safe however, you can disable the loading of external media such
as images (which should be the default with icedove), or, as chaosmonk
suggested, you can disable HTML mails entirely by going into the menu and
selecting: view -> message body -> plain text
- [Trisquel-users] email client - exploits - which repo programs a... emrobin2
- Re: [Trisquel-users] email client - exploits - which repo p... mason
- Re: [Trisquel-users] email client - exploits - which repo p... emrobin2
- Re: [Trisquel-users] email client - exploits - which repo p... emrobin2
- Re: [Trisquel-users] email client - exploits - which repo p... liberpool
- Re: [Trisquel-users] email client - exploits - which repo p... emrobin2