Bug 805332

Summary:	<mail-client/claws-mail-3.18.0: Insufficient link validation (CVE-2021-37746)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	polynomial-c, voyageur
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa]
Package list:	mail-client/claws-mail-3.18.0 dev-libs/libindicate-12.10.1-r3 arm	Runtime testing required:	---
Bug Depends on:
Bug Blocks:	805335

Description Sam James archtester

2021-07-31 05:53:51 UTC

Description:
"textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click."

Comment 1 Sam James archtester

2021-07-31 05:54:49 UTC

Let us know when ready to stable, thanks!

Comment 2 Sam James archtester

2021-08-08 19:54:52 UTC

Ping, is it ready to stable yet?

Comment 3 Agostino Sarubbo gentoo-dev

2021-08-10 15:37:10 UTC

amd64 stable

Comment 4 Sam James archtester

2021-08-11 00:10:21 UTC

ppc done

Comment 5 Sam James archtester

2021-08-11 04:21:19 UTC

arm64 done

Comment 6 Agostino Sarubbo gentoo-dev

2021-08-11 06:41:18 UTC

ppc64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2021-08-12 06:41:25 UTC

x86 stable

Comment 8 Sam James archtester

2021-09-07 01:09:06 UTC

arm done

all arches done

Comment 9 Sam James archtester

2021-09-07 01:09:17 UTC

Please cleanup.

Comment 10 NATTkA bot gentoo-dev

2022-02-16 21:28:44 UTC

Unable to check for sanity:

> no match for package: mail-client/claws-mail-3.18.0

Comment 11 Bernard Cafarelli gentoo-dev

2022-07-10 12:56:38 UTC

Oldest ebuild in tree is 3.18.0-r3, so it looks like cleanup is already done

Comment 12 John Helmert III archtester

2023-06-12 04:23:14 UTC

Indeed, no GLSA, all done.