CVE-2006-2920

NameCVE-2006-2920
DescriptionSylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs372889, 372891, 373187

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sylpheed (PTS)jessie3.5.0~beta1~r3426-1fixed
stretch3.5.1-2fixed
buster3.7.0-4fixed
bullseye3.7.0-8fixed
bookworm3.8.0~beta1-1fixed
sid, trixie3.8.0~beta1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sylpheedsource(unstable)2.2.6-1low
sylpheed-clawssource(unstable)1.0.5-3low372891
sylpheed-claws-gtk2source(unstable)2.3.0-1low372889
sylpheed-gtk1source(unstable)1.0.6-3low373187

Notes

[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)
Search for package or bug name: Reporting problems