[Users] FYI: PGP-encrypted email Warning
colin at colino.net
Mon May 14 10:16:53 CEST 2018
On Mon, 14 May 2018 02:34:39 -0400, Charles A Edwards <cae at eslrahc.com>
From what I understand there is probably a vulnerability in PGP
decryption routines that might leak private keys if triggered by a
maliciously crafted encrypted message.
Given that Claws Mail automatically asks for the private key passphrase
upon opening an encrypted email, and that GnuPG Agent might provide it
automatically if enabled, the safe course of action is to unload PGP
plugins until fixed GPG packages are available in your distribution.
More information about the Users