Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • T tails
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 920
    • Issues 920
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 21
    • Merge requests 21
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • tails
  • tails
  • Issues
  • #8999
Closed
Open
Created Mar 03, 2015 by intrigeri@intrigeriMaintainer3 of 3 tasks completed3/3 tasks

Claws Mail leaks cleartext of encrypted email to the IMAP server

Originally created by @intrigeri on #8999 (Redmine)

With the default configuration, it leaks at least to the Drafts (according to #8986 (closed)) and Queue IMAP folders (see “PGP MIME is insecure (for me)” thread on -dev@ https://mailman.boum.org/pipermail/tails-dev/2015-February/008275.html).

Setting Elevated priority: even if we plan to replace it with Icedove, we still ship Claws Mail and those issues seem serious to me. Worst case, it can be addressed by documentation, and issueing a security advisory pointing to that doc. Existing users of Claws Mail with persistence will need to be explained how to fix their settings anyway.

Upstream ticket: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965

Subtasks

  • #8986 (closed)
  • #9000 (closed)
  • #9161 (closed)

Related issues

  • Related to #5316 (closed)
Edited May 15, 2020 by intrigeri
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking