Claws Mail leaks cleartext of encrypted email to the IMAP server (#8999) · Issues · tails / tails

Claws Mail leaks cleartext of encrypted email to the IMAP server

Originally created by @intrigeri on #8999 (Redmine)

With the default configuration, it leaks at least to the Drafts (according to #8986 (closed)) and Queue IMAP folders (see “PGP MIME is insecure (for me)” thread on -dev@ https://mailman.boum.org/pipermail/tails-dev/2015-February/008275.html).

Setting Elevated priority: even if we plan to replace it with Icedove, we still ship Claws Mail and those issues seem serious to me. Worst case, it can be addressed by documentation, and issueing a security advisory pointing to that doc. Existing users of Claws Mail with persistence will need to be explained how to fix their settings anyway.

Upstream ticket: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965

Subtasks

#8986 (closed)
#9000 (closed)
#9161 (closed)

Related issues

Related to #5316

Edited May 15, 2020 by intrigeri

To upload designs, you'll need to enable LFS. More information