Breaking signatures in message/rfc822 attachment!
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| GNU Mailman | Fix Released | High | Mark Sapiro | |
| 2.1 | Fix Released | Undecided | Mark Sapiro | |

Bug Description
Mailman _must_ not touch MIME parts which are nested more deeply in the mail. As tested with Mailman 2.1.2, header lines will sometimes be reformatted in message/rfc822 attachments, which will break the OpenPGP signature (also conforming to the PGP/MIME standard) on that part.

I'm attaching a simple email with one long header. Forward this as a MIME part and sign it, sending it through Mailman; the signature will be broken.

This is a bug affecting email security, because if people start believing that a *BAD* signature does not mean much, because they get many broken by Mailman, they will not react to a seriously manipulated email anymore!
[http://
| Changed in mailman: | |
|---|---|
| assignee: | nobody → Mark Sapiro (msapiro) |
| status: | New → Fix Committed |

| Changed in mailman: | |
|---|---|
| milestone: | 2.1-stable → 2.1.13rc1 |
| status: | Fix Committed → Fix Released |

Here is the email signed by myself and broken after delivery through mailman. Check the "To:" header line.
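
The failure reported above can be reproduced in isolation. The following is an added example, not code from this bug report or from Mailman: it uses Python 3's standard `email` package (not Mailman 2.1.2's code path) to parse and re-serialise a message/rfc822 part, once with a header-refolding policy and once with a preserving one. The sample message is constructed, and a SHA-256 digest stands in for OpenPGP signature verification.

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample: forwarded mail whose "To:" header is one long, unfolded line.
LONG_TO = ", ".join(f"recipient{i}@example.org" for i in range(1, 7))
INNER = (
    "From: alice@example.org\n"
    f"To: {LONG_TO}\n"
    "Subject: original message\n"
    "\n"
    "Body of the forwarded mail.\n"
).encode("ascii")

# The MIME part a PGP/MIME signature would cover: part headers plus nested message.
SIGNED_PART = (
    b"Content-Type: message/rfc822\n"
    b"Content-Disposition: attachment\n"
    b"\n" + INNER
)

# Python's default policy refolds parsed headers longer than 78 characters.
REFOLDING = policy.default
# Same policy, but parsed headers are written back exactly as received.
PRESERVING = policy.default.clone(refold_source="none")


def relay(part: bytes, pol) -> bytes:
    """Parse and re-serialise a part, as a list server's pipeline does."""
    return message_from_bytes(part, policy=pol).as_bytes()


def digest(part: bytes) -> str:
    """Stand-in for signature verification: any changed byte changes the hash."""
    return hashlib.sha256(part).hexdigest()


def altered_lines(before: bytes, after: bytes) -> list[bytes]:
    """Lines of the original part that no longer appear verbatim after relay."""
    kept = set(after.split(b"\n"))
    return [line for line in before.split(b"\n") if line not in kept]


if __name__ == "__main__":
    for name, pol in (("refolding", REFOLDING), ("preserving", PRESERVING)):
        out = relay(SIGNED_PART, pol)
        intact = digest(out) == digest(SIGNED_PART)
        print(f"{name:10} intact={intact} altered={altered_lines(SIGNED_PART, out)}")
```

Running a check like this against a list server's actual output, using a signed test message with a long nested header, shows whether the relay leaves signed parts byte-for-byte intact.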