#40713 – Claws Mail before 3.18.0 vulnerability: CVE-2021-37746

Bug 40713 - Claws Mail before 3.18.0 vulnerability: CVE-2021-37746

Summary: Claws Mail before 3.18.0 vulnerability: CVE-2021-37746

Status:	CLOSED NOTABUG

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	claws-mail (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P5 critical
Assignee:	Mikhail Efremov
QA Contact:	qa-sisyphus

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-08-12 01:49 MSK by Ilya Mashkin
Modified:	2021-08-12 11:14 MSK (History)
CC List:	11 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ilya Mashkin 2021-08-12 01:49:17 MSK

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746

Патч есть в Fedora

Comment 1 Mikhail Efremov 2021-08-12 11:14:26 MSK

В Сизифе claws-mail-3.18.0.