Bug 805335 (CVE-2021-37746)

Summary: [Tracker] Insufficient link validation in mail clients (CVE-2021-37746)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: polynomial-c
Priority: Normal
Keywords: Tracker
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 805332, 805338    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-31 05:55:38 UTC
"textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-08 19:55:23 UTC
@Polynomial-C: could you let us know if there's any connection b/t Claws Mail and Sylpheed?
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-11 20:03:05 UTC
(In reply to Sam James from comment #1)
> @Polynomial-C: could you let us know if there's any connection b/t Claws
> Mail and Sylpheed?

I wonder how I missed this before when I was looking:
> In 2005, Sylpheed was forked to create Sylpheed-Claws, now known as Claws Mail.[2] As of 2020, both projects continue to be developed independently.

That explains that!