[Enigmail] Size limit for encrypted messages?

John Clizbe JPClizbe at tx.rr.com
Mon May 19 12:05:09 PDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote:
> Faramir wrote:
>>    Maybe you should upgrade to GnuPG 1.4.9, that is the current
>> version,... I am not really sure how to upgrade, but probably in the
>> GnuPG list you can get help about that.

Download installer from GnuPG.org. Run installer. Accept default answers.

> I may be wrong here, but I believe that's unnecessary.

Most likely unnecessary. 1.4.7 should be safe. 1.4.8 should be upgraded

> The difference from 1.4.7 --> 1.4.8 was the introduction of support for
> Windows Vista.  However, when they introduced Vista support they also
> introduced a new bug, which led to the 1.4.9 release.  The 1.4.9 release
> fixes a bug which does not exist in 1.4.7, making an upgrade kind of
> superfluous -- there are no security advisories against 1.4.7 for
> Windows, as far as I know.

Please don't conflate these two issues.

The introduction of Vista support had nothing to do with the security bug
introduced in 1.4.8 other than both were in 1.4.8. The two events occurred
nearly six months apart.

The security issue affects ALL platforms, not just Windows Vista, or any
particular flavor of Windows in that regard.

The security issue was possible memory corruption when importing OpenPGP keys
and removing duplicate user IDs. See bug 894 or the commit log for r4712
(2008-03-23). (Code introduced in r4576, 2007-09-02)

"Vista support" had to do with the calling of access() and Vista paying
attention to a previously ignored return value. r4461 (2007-03-14). The bug
affected the calling of the keyserver helper programs, nothing more.

- --
John P. Clizbe                   Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks             hkp://keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4754-2008-04-30 (Windows XP)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the £33t ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iJwEAQECAAYFAkgxz14ACgkQvh+YERi7Nzpp6QP+LKK0rJ4GXgqDmlQovPHQ10kc
gvmcqVcnXQ4cUGlaweTFlXzAFtYNEQWx7XtRGTp7fB5WEGUK3XrkeMkP8vph7KUl
O2Hl3cafBnxr5YhZhD6Nf61c17I8pdn2gfjw3GZgi70ZLX78a5DWzAerjE17qWFz
ix7nBoznogA9v5bv/KOIRgQBEQIABgUCSDHPXgAKCRAdBKxKYI0qEGNHAKCEoO/W
ryuhC+BL8BJ+7Hi2mU18GACg7jthd0NUPeANNW2HOJOqFCpTa38=
=xbR/
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list