sajolida:
> During the last monthly meeting I volunteered to issue a security
> advisory about the fact that Claws saved unencrypted emails to Drafts
> and Queue folders on the IMAP server.
>
> I've been gathering info and doing shitloads of testing, and I think we
> have (almost) all the information to explain this properly and fix what
> can be fixed in Tails.
>
> So please review and comment on the synopsis from #9161.
During the monthly meeting I realized that my analysis was actually
pretty wrong all the way. Thanks everybody for correcting me!
So here is a draft of the security advisory, please review and comment:
https://tails.boum.org/blueprint/claws_mail_leaks_plaintext_to_imap/
I'd like to publish it on Thursday morning (or early afternoon) to have
it visible over the week-end before the release.
I pointed upstream to it on
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965#c9.
On Thursday, I'll also integrate this in the Claws Mail doc and fix
#9159 at last.
--
sajolida
