sajolida: > During the last monthly meeting I volunteered to issue a security > advisory about the fact that Claws saved unencrypted emails to Drafts > and Queue folders on the IMAP server. > > I've been gathering info and doing shitloads of testing, and I think we > have (almost) all the information to explain this properly and fix what > can be fixed in Tails. > > So please review and comment on the synopsis from #9161.
During the monthly meeting I realized that my analysis was actually pretty wrong all the way. Thanks everybody for correcting me! So here is a draft of the security advisory, please review and comment: https://tails.boum.org/blueprint/claws_mail_leaks_plaintext_to_imap/ I'd like to publish it on Thursday morning (or early afternoon) to have it visible over the week-end before the release. I pointed upstream to it on http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965#c9. On Thursday, I'll also integrate this in the Claws Mail doc and fix #9159 at last. -- sajolida _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
