Re: [Tails-dev] Electrum in Tails has a serious bug

This message is part of the following thread:
Mthe complete thread tree sorted by date
MAmir Taaki at <-
 
Delete this message

Reply to this message
Author: drwhax
Date:  
To: The Tails public development discussion list
CC: Amir Taaki
Subject: Re: [Tails-dev] Electrum in Tails has a serious bug
Hi Amir,

Please see: https://labs.riseup.net/code/issues/15022

Thanks

On 2018-02-06 13:17, Amir Taaki wrote:
> Dear Tails developers,
>
> The current version of Electrum in Tails (2.7) has an attack vector via
> open RPC with password-less wallets.
>
> Because Tails has encrypted persistence, many users are likely to use
> Electrum on Tails without password protection.
>
> For more information, see here:
>
> https://github.com/spesmilo/electrum-docs/blob/master/cve.rst
>
> Fix: update the Electrum version to the current tarball on the download
> page (3.0.6).
>
> Best regards and respect for your continued efforts,
> Amir
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> Tails-dev-unsubscribe@???.

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-[Tails-dev] Electrum in Tails has a serious bugRe: [Tails-dev] VeraCrypt/TrueCrypt support in GNOME Disks->
lists.autistici.org administrated by postmasterLurker (version 2.3)