Package: sylpheed
Version: 2.4.0~beta8-1
Severity: critical
Justification: causes serious data loss

...this html mail snip:

<P align=left><FONT face=Verdana size=2>Please visit the resolution center located here</FONT></P>
<html><P align=left><BR><A target="_blank" href="http://www.armordolls.it/pay.html" ><FONT face=Verdana size=2>https://www.paypal.com/cgi-bin/webscr?cmd=_login-run=res-center</FONT></html></A></P>
<P align=left><BR><FONT face=Verdana size=2><BR> to verify your identity and avoid the blocking of your account</FONT></P>
<P align=left><FONT face=Verdana color=#838383 size=2>Sincerely,<BR>PayPal Account Review Department<BR>PayPal,an eBay Company</FONT><BR></P>
<P> </P></xbody>

...will show "https://www.paypal.com/cgi-bin/webscr?cmd=_login-run=res-center", both in the message body, and on the status line on mouse-over, and take the user to the rather credible armordoll.it site where he can surrender his paypal data 'n monetas. Ctrl-U will show the spoofed html source correctly.

...best remedy is to remove the html rendering. Toggling it on|off will also work.

...this bug is also present on the 2.3.etc version of Sylpheed.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.18-4-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sylpheed depends on:
ii  libaspell15     0.60.5-1        GNU Aspell spell-checker runtime l
ii  libatk1.0-0     1.18.0-2        The ATK accessibility toolkit
ii  libbluetooth2   3.9-1           Library to use the BlueZ Linux Blu
ii  libc6           2.5-2           GNU C Library: Shared libraries
ii  libcairo2       1.4.4-1         The Cairo 2D vector graphics libra
ii  libcompfaceg1   1:1.5.2-4       Compress/decompress images for mai
ii  libfontconfig1  2.4.2-1.2       generic font configuration library
ii  libfreetype6    2.2.1-5         FreeType 2 font engine, shared lib
ii  libglib2.0-0    2.12.11-3       The GLib library of C routines
ii  libgpg-error0   1.4-2           library for common error values an
ii  libgpgme11      1.1.2-5         GPGME - GnuPG Made Easy
ii  libgtk2.0-0     2.10.11-2       The GTK+ graphical user interface
ii  libgtkspell0    2.0.10-3+b1     a spell-checking addon for GTK's T
ii  libldap2        2.1.30-13.4     OpenLDAP libraries
ii  libpango1.0-0   1.16.2-1        Layout and rendering of internatio
ii  libpisock9      0.12.2-9        library for communicating with a P
ii  libpng12-0      1.2.15~beta5-1  PNG library - runtime
ii  libssl0.9.8     0.9.8e-4        SSL shared libraries
ii  libusb-0.1-4    2:0.1.12-7      userspace USB programming library
ii  libx11-6        2:1.0.3-7       X11 client-side library
ii  libxcursor1     1:1.1.8-2       X cursor management library
ii  libxext6        1:1.0.3-2       X11 miscellaneous extension librar
ii  libxfixes3      1:4.0.3-2       X11 miscellaneous 'fixes' extensio
ii  libxi6          1:1.0.1-4       X11 Input extension library
ii  libxinerama1    1:1.0.2-1       X11 Xinerama extension library
ii  libxrandr2      2:1.1.0.2-5     X11 RandR extension library
ii  libxrender1     1:0.9.2-1       X Rendering Extension client libra
ii  zlib1g          1:1.2.3-13      compression library - runtime

Versions of packages sylpheed recommends:
ii  aspell-en [aspell-dictiona  6.0-0-5.1      English dictionary for GNU Aspell
ii  metamail                    2.7-53         implementation of MIME
ii  sylpheed-claws-scripts      1.0.5-5.1      Helper scripts for Sylpheed and Sy
ii  sylpheed-i18n               2.4.0~beta8-1  Locale data for Sylpheed (i18n sup
ii  xfonts-100dpi               1:1.0.0-3      100 dpi fonts for X
ii  xfonts-100dpi-transcoded    1:1.0.0-3      100 dpi fonts for X (transcoded fr
ii  xfonts-75dpi                1:1.0.0-3      75 dpi fonts for X
ii  xfonts-75dpi-transcoded     1:1.0.0-3      75 dpi fonts for X (transcoded fro

-- no debconf information