[Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Juergen Bruckner juergen at bruckner.tk
Mon Jun 11 11:43:37 CEST 2018

> (Could you please trim your quotes? Incidentally, this would have
> prevented the problem in the first place, both on the first and on your
> reply).
Thanks for the hint

> It would appear that at least Enigmail (mine is from Debian
> stable/stretch) ignores an inline encrypted block if it is indented, but
> interprets it if it is quoted *and* indented. So while there was no
> attempt to decrypt the block in the first message by Werner, as soon as
> it was part of a quote, starting with ">   ", Enigmail will try to
> process it. Type in the passphrase "abc" without quotes, and you'll
> decrypt the test message part of the announcement.
and thanks again for the info


Juergen M. Bruckner
juergen at bruckner.tk

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3894 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180611/729084a4/attachment.bin>

More information about the Gnupg-users mailing list