tags 372889 confirmed fixed-upstream pending thanks On Mon, 12 Jun 2006 06:58:15 -0500 Alec Berryman <[EMAIL PROTECTED]> wrote:
> Package: sylpheed-claws-gtk2 > Severity: important > Tags: patch security > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > CVE-2006-2920: "Sylpheed-Claws before 2.2.2 allows remote attackers to > bypass the URI check functionality and makes it easier to conduct > phishing attacks via a URI that begins with a space character." > > The FrSIRT notice incorrectly lists fixed files; you'll need at least > 1.36.2.64 of src/common/utils.c [1] and 1.96.2.115 of src/textview.c > [2]. Those revisions are part of release 2.2.2. > > Please mention the CVE in your changelog. Will be handled in the upload of the new 2.3.0 version, released today. regards, -- Ricardo Mones ~ Physics is like sex: sure, it may give some practical results, but that's not why we do it. Richard Feynman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
