[Users] FYI: PGP-encrypted email Warning

Shai Berger shai at platonix.com
Tue May 15 07:47:55 CEST 2018


On Tue, 15 May 2018 11:14:03 +0800
Chris Schrauben <chrisretusn at gmail.com> wrote:

> On Mon, 14 May 2018 14:25:36 +0200
> Steffen Klemer <moh at gmx.org> wrote:
> 
> > Am Mo, 14.05.2018 um 02:34 schrieb Charles A Edwards
> > <cae at eslrahc.com>:
> >   
> > > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now    
> > 
> > The corresponding paper got out:
> > https://efail.de/
> > 
> Reading further down down on that link is shows Claws as not being
> vulnerable.

The main vector for using the vulnerability is HTML mail, which Claws
does not support by default. As far as I could see, there was no
specific reference to the HTML plugins; as far as I understand, Claws
with an HTML plugin (like Fancy) should get the same score as, e.g.
KMail (that is, vulnerability can be abused but requires user
interaction to do so).

Shai.



More information about the Users mailing list