CVE-2006-2920

Name	CVE-2006-2920
Description	Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	372889, 372891, 373187

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
sylpheed (PTS)	jessie	3.5.0~beta1~r3426-1	fixed
	stretch	3.5.1-2	fixed
	buster	3.7.0-4	fixed
	bullseye	3.7.0-8	fixed
	sid, trixie, bookworm	3.8.0~beta1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
sylpheed	source	(unstable)	2.2.6-1	low
sylpheed-claws	source	(unstable)	1.0.5-3	low	372891
sylpheed-claws-gtk2	source	(unstable)	2.3.0-1	low	372889
sylpheed-gtk1	source	(unstable)	1.0.6-3	low	373187

Notes

[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)