Bug 40713

Summary: Claws Mail before 3.18.0 vulnerability: CVE-2021-37746
Product: Sisyphus Reporter: Ilya Mashkin <oddity>
Component: claws-mailAssignee: Mikhail Efremov <sem>
Status: CLOSED NOTABUG QA Contact: qa-sisyphus
Severity: critical    
Priority: P5 CC: at, cas, crux, ender, lav, ldv, mike, qa_viy, sem, shaba, viy
Version: unstable   
Hardware: all   
OS: Linux   

Description Ilya Mashkin 2021-08-12 01:49:17 MSK 
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746

Патч есть в Fedora
Comment 1 Mikhail Efremov 2021-08-12 11:14:26 MSK 
В Сизифе claws-mail-3.18.0.