Kaie, these cover your comments from August 24, 2020 email ...
(In reply to Wayne Mery (:wsmwk) from comment #0)
Created attachment 9182160
- RNP-01-001 WP1 RNP: Integer overflow due to expiration time of PGP v3 keys (Low) - bug 1671737
- RNP-01-004 WP1 RNP: Potential Integer underflow in partial_dst_write() (Low) - bug 1671738
- RNP-01-005 WP1 RNP: Literal packet parsing allows for Integer underflow (Low) - bug 1671758
- RNP-01-006 WP2 Thunderbird: Evaluation of password strength insufficient (Low) - bug 1671759
- RNP-01-007 WP1 RNP: encrypt_secret_key() does not wipe keybuf from memory (Low) - bug 1673236
- RNP-01-012 WP1 Thunderbird: Logic issue potentially leaves key material unlocked (Medium) - bug 1673239
- RNP-01-014 WP1 Thunderbird: Key manipulation via uncertified Auto-Import (Medium) - bug 1673240
- RNP-01-002 WP3 Thunderbird: Automatic handling of autocrypt-gossip header (Info)
Kaie's comment "immediate response already done by disabling by bug 1659504 TODO: code reminder/comment for future work on this feature"
- RNP-01-003 WP3 Thunderbird: Possible race condition when reading from disk (Info)
Kaie, you'll need a bug for "should change code to use in memory buffer, not temporary file"
- RNP-01-008 WP3 Thunderbird: Partially unencrypted email insufficiently detected (Low) - bug 1673241
- RNP-01-009 WP1 RNP: mem_dest_own_memory() callers do not check for NULL (Info)
"not used by TB"
- RNP-01-010 WP1 Thunderbird: Outdated and vulnerable Botan library version (Info)
"update underlying Botan library. need plan/procedure to ensure we update Botan when appropriate"
- RNP-01-011 WP1 RNP: Potential overflow in librepgp due to invalid size check (Low) - bug 1673242
- RNP-01-013 WP2 Thunderbird: Forbidden cipher-suites/algorithms recommendations (Info)
Your email indicates this is fixed by Bug 1641720 - Need an OpenPGP crypto policy, only show security indicators for mechanisms that are on the allowlist
I believe this update covers all the "info" findings. If correct, then just one new bug needs to be created.