
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   PUBLIC_KEYS      Public-Key Discussion Echo      845 messages   


   Message 826 of 845   
   August Abolins to All   
   openpgp.js vulnerability   
   25 May 25 11:30:00   
   
   MSGID: 2:221/1.58@fidonet 20c5124b   
   PID: OpenXP/5.0.64 (Win32)   
   CHRS: ASCII 1   
   TZUTC: -0400   
   Best to patch up!   
      
   CVE-2025-47934 has been issued for the openpgp.js issue   
   mentioned a few days ago.   
      
   People using Mailvelope, Flowcrypt, Mymail-crypt, UDC,   
   Encrypt.to, PGP Anywhere, passbolt ... should be wary.   
      
   Protonmail seems to be using one of the openpgp.js packages out   
   there too, but I cannot confirm which one.   
      
   "Proton Mail uses version 3.0 of OpenPGPjs. This version,   
   released in March 2018, includes improvements that enable full   
   interoperability with PGP and allows for better overall   
   functionality, as outlined by Proton." ... that's their   
   statement from 2018.   
      
   So.. does Protonmail use this one..   
   https://github.com/ProtonMail/gopenpgp ?   
      
   Or this one..   
   https://Github.com/openpgpjs/openpgpjs ... has 6.1.0.   
      
      
   "In technical terms, the vulnerability arises because   
   OpenPGP.js fails to correctly associate the extracted message   
   data with its actual signature during verification. This   
   oversight allows attackers to manipulate the content of a   
   message while retaining a valid signature from a previous,   
   unrelated message.   
      
   "In order to spoof a message," the advisory explains, "the   
   attacker needs a single valid message signature (inline or   
   detached) as well as the plaintext data that was legitimately   
   signed. They can then construct an inline-signed or signed-and-   
   encrypted message containing any data of their choice, which   
   will appear as legitimately signed."   
      
   "This means a bad actor can reuse a valid signature to forge   
   new content that appears authentic to the recipient, bypassing   
   the trust model OpenPGP is built upon.   
      
   Mozilla's Response and Patches   
   In response to these vulnerabilities, Mozilla has issued   
   security patches for the following versions:   
      
   Mozilla Firefox 134   
   Mozilla Thunderbird 134   
   Firefox ESR 115.19 and 128.6   
   Thunderbird ESR 115.19 and 128.6   
      
   https://thecyberexpress.com/critical-vulnerabilities-in-mozilla-products/   
      
      
   --- OpenXP 5.0.64   
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)   
   SEEN-BY: 50/22 103/705 105/81 106/201 124/5016 128/187 153/757 7715   
   SEEN-BY: 154/10 30 110 203/0 218/700 221/1 6 226/30 227/114 229/110   
   SEEN-BY: 229/114 206 317 400 426 428 470 664 700 705 240/1120 5832   
   SEEN-BY: 266/512 280/464 5003 5006 291/111 292/854 8125 301/1 310/31   
   SEEN-BY: 320/219 322/757 341/66 234 342/200 396/45 423/81 120 460/58   
   SEEN-BY: 460/256 1124 467/888 633/280 712/848 770/1 902/26 5020/400   
   SEEN-BY: 5020/8912 5054/30 5075/35   
   PATH: 221/1 280/464 460/58 229/426   
      



(c) 1994,  bbs@darkrealms.ca