Package: pgp4pine
Version: 1.76-1
Severity: grave
Justification: user security hole

Pine accesses pgp4pine as a filter when selected for sending:

  "Send message (filtered thru "pgp4pine" as "<[EMAIL PROTECTED]>")?" Yes

([EMAIL PROTECTED] substituted in examples)

Next, pgp4pine appears, asking:
- -
You know all recipient keys. You may:
a) Sign and encrypt the message
...etc
- -
Selecting "a", this appears:
- -
You need a passphrase to unlock the secret key for
user: "First Last <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 6F4E7E16, created 2005-11-01
- -
Entering a wrong passphrase:
- -
gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "First Last <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 6F4E7E16, created 2005-11-01
- -
This repeats three times, but on the third time with a wrong password pgp4pine
returns the message back to pine without an error, so pine then sends it as
"filtered" - but in this case as unencrypted mail to the receiver.

The error should be reported to pine the same way as when aborting pgp4pine by
pressing ctrl-c.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.12.3-qnet-dvb
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages pgp4pine depends on:
ii  libc6  2.3.2.ds1-22  GNU C Library: Shared libraries an

-- no debconf information
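The fail-open behaviour reported above, contrasted with a fail-closed sending filter, as an added example that is not part of the report and is not pgp4pine code. The function names and the gpg stand-ins are constructed for illustration, and it assumes the mail client treats a non-zero filter exit status as a failed send.

```shell
#!/bin/sh
# Fail-closed wrapper for a sending filter (illustrative, hypothetical names).
# Usage: fail_closed_filter <encrypt-command> [args...]
#   e.g. fail_closed_filter gpg --armor --sign --encrypt -r <recipient>
# The message is read from stdin; output reaches stdout only on success.
fail_closed_filter() {
    _tmp=$(mktemp) || return 2
    # Run the encryption command; any non-zero status means nothing is sent.
    if ! "$@" >"$_tmp"; then
        rm -f "$_tmp"
        echo "encryption failed; message not passed on" >&2
        return 1
    fi
    # Defence in depth: accept only ASCII-armored PGP output, so a filter
    # that hands the plaintext back with status 0 is still rejected.
    if ! head -n 1 "$_tmp" | grep -q '^-----BEGIN PGP MESSAGE-----'; then
        rm -f "$_tmp"
        echo "filter output is not a PGP message; refusing to send" >&2
        return 1
    fi
    cat "$_tmp"
    rm -f "$_tmp"
    return 0
}

# Constructed stand-ins for gpg so the example runs offline.
fake_gpg_bad_passphrase() {   # models repeated wrong passphrases: no output, failure status
    cat >/dev/null
    return 2
}
fake_filter_passthrough() {   # models the reported bug: plaintext returned, status 0
    cat
}
fake_gpg_ok() {               # models success; rot13 is a placeholder, not encryption
    printf '%s\n' '-----BEGIN PGP MESSAGE-----'
    tr 'A-Za-z' 'N-ZA-Mn-za-m'
    printf '%s\n' '-----END PGP MESSAGE-----'
}
```
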

