Since which Version ist that the case? (As maybe changelog is of little help with the secrecy recently)
Am May 17, 2018 6:35:32 AM UTC schrieb Patrick Brunschwig <patr...@enigmail.net>: >I fear that that's likely to happen. A measure against the Efail >vulnerability was to disable decryption of messages that have no MDC >protection. > >It's fairly possible that old messages (using old algorithms) have no >MDC protection - but there is no way out. You'd risk to be attacked >_very_ easily otherwise as the Efail paper clearly explains. > >I strongly suggest that you only read such old mails on the command >line >- there is no sensible safeguarding possible in Enigmail. > >-Patrick > >(CC-ing the Enigmail Mailing list, as I consider this important info >for >many other users too) > >On 17.05.18 08:27, Bitcoin Admin wrote: >> >> Hello, I can't use 2.0.4, after installation all my old encrypted >> messages throw up an error (and don't decrypt anymore), the >encryption >> details show , however, that the correct keys were used. >> How come? >> >> Tom >> >> >> On 05/16/2018 04:40 PM, Patrick Brunschwig wrote: >>> I have released Enigmail v2.0.4 for Thunderbird version 52 and >SeaMonkey >>> 2.46 and newer. >>> >>> >>> Changes >>> ======= >>> This version implements two workarounds to prevent against "Efail" >>> vulnerabilities (https://efail.de). I strongly recommend to upgrade >to >>> Enigmail 2.0.4 as soon as possible. >>> >>> >>> Details >>> ======= >>> >>> Efail: fail on GnuPG integrity check warnings for old Algorithms >>> ---------------------------------------------------------------- >>> >>> Enigmail now discovers if GnuPG prints a warning message about >missing >>> MDC (Modification Detection Code) for old algorithms like CAST5 and >>> treats it like a hard failure. Such a message will no longer be >>> displayed. >>> >>> Efail: protect against remot URL calls in unpatched Thunderbird >>> --------------------------------------------------------------- >>> I implemented a workaround to prevent against leaking decrypted >message >>> data to remote URLs. This workaround is meant as temporary measure >until >>> Thunderbird has a more robust solution. The workaround protects >>> successfully against the known forms of the vulnerabilities. >>> >>> I still recommend to use the "Simple HTML" view in Thunderbird >>> (accessible via menu View > Message Body as > Simple HTML) to >prevent >>> from loading any remote content. >>> >>> >>> Obtaining Enigmail >>> ================== >>> Enigmail can be downloaded from >>> <https://www.enigmail.net/index.php/en/download/> >>> >>> The changelog is available from >>> <https://www.enigmail.net/index.php/en/download/changelog> >>> >>> >>> Additional Remarks >>> ================== >>> The new version is still waiting for approval on >>> https://addons.mozilla.org; you should receive it automatically via >the >>> addons-update once the approval is made. >>> >>> -Patrick >>> >>> >>> >>> _______________________________________________ >>> enigmail-users mailing list >>> enigmail-users@enigmail.net >>> To unsubscribe or make changes to your subscription click here: >>> >https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net >> >>
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
