Package: sylpheed-claws
Severity: important
Tags: security patch

CVE-2006-2920: "Sylpheed-Claws before 2.2.2 allows remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."

The FrSIRT notice incorrectly lists fixed files; you'll need at least 1.36.2.64 of src/common/utils.c [1] and 1.96.2.115 of src/textview.c [2].

Please mention the CVE in your changelog. Versions in sarge and woody appear vulnerable.

Thanks,
Alec

[1] http://cvs.sunsite.dk/viewcvs.cgi/sylpheedclaws/sylpheed-claws/src/common/utils.c.diff?r1=1.36.2.63&r2=1.36.2.64&only_with_tag=gtk2
[2] http://cvs.sunsite.dk/viewcvs.cgi/sylpheedclaws/sylpheed-claws/src/textview.c.diff?r1=1.96.2.114&r2=1.96.2.115&only_with_tag=gtk2