Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 805335 (CVE-2021-37746) - [Tracker] Insufficient link validation in mail clients (CVE-2021-37746)
Summary: [Tracker] Insufficient link validation in mail clients (CVE-2021-37746)
Status: IN_PROGRESS
Alias: CVE-2021-37746
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on: 805332 805338
Blocks:
  Show dependency tree
 
Reported: 2021-07-31 05:55 UTC by Sam James
Modified: 2021-08-11 20:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2021-07-31 05:55:38 UTC
"textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click."
Comment 1 Sam James archtester gentoo-dev Security 2021-08-08 19:55:23 UTC
@Polynomial-C: could you let us know if there's any connection b/t Claws Mail and Sylpheed?
Comment 2 Sam James archtester gentoo-dev Security 2021-08-11 20:03:05 UTC
(In reply to Sam James from comment #1)
> @Polynomial-C: could you let us know if there's any connection b/t Claws
> Mail and Sylpheed?

I wonder how I missed this before when I was looking:
>In 2005, Sylpheed was forked to create Sylpheed-Claws, now known as Claws Mail.[2] As of 2020, both projects continue to be developed independently. 

That explains that!