Source: claws-mail Version: 3.17.8-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: clone -1 -2 Control: reassign -2 sylpheed 3.7.0-8 Control: retitle -2 sylpheed: CVE-2021-37746 Control: found -1 3.17.3-2 Control: found -2 3.7.0-4
Hi, The following vulnerability was published for claws-mail (and sylpheed). CVE-2021-37746[0]: | textview_uri_security_check in textview.c in Claws Mail before 3.18.0, | and Sylpheed through 3.7.0, does not have sufficient link checks | before accepting a click. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-37746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746 [1] https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431 Regards, Salvatore