Package: sylpheed-claws-gtk2 Severity: important Tags: patch security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2006-2920: "Sylpheed-Claws before 2.2.2 allows remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character." The FrSIRT notice incorrectly lists fixed files; you'll need at least 1.36.2.64 of src/common/utils.c [1] and 1.96.2.115 of src/textview.c [2]. Those revisions are part of release 2.2.2. Please mention the CVE in your changelog. Thanks, Alec [1] http://cvs.sunsite.dk/viewcvs.cgi/sylpheedclaws/sylpheed-claws/src/common/utils.c.diff?r1=1.36.2.63&r2=1.36.2.64&only_with_tag=gtk2 [2] http://cvs.sunsite.dk/viewcvs.cgi/sylpheedclaws/sylpheed-claws/src/textview.c.diff?r1=1.96.2.114&r2=1.96.2.115&only_with_tag=gtk2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEjVbXAud/2YgchcQRAqjZAKDYvIAAJeWjSPWD1y8D2oCdzj/bEwCZAU++ Sncjxl+ov1nrkwCFSWea974= =QD3x -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
