Package: sylpheed-gtk1 Severity: important Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2006-2920 has been updated to report sylpheed is vulnerable to the URI bypass I filed bug reports about yesterday. New CVE text: "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character." I browsed through the src/utils.c and src/textview.c and it appears that they are vulnerable. Please mention the CVE number in your changelog. Thanks, Alec -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEjrNRAud/2YgchcQRAqb+AKCKxLJjI/lXPrsD8gqxn0FNUVVlBwCfQ0UO DxlkWYRBp/tUIYzyj8HOKrg= =lz7m -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
