| Release | Version |
|---|---|
| jessie | 3.11.1-3+deb8u1 |
| stretch | 3.14.1-3 |
| buster | 3.17.3-2 |
| bullseye | 3.17.8-1 |
| bookworm | 4.1.1-2 |
| trixie | 4.3.0-1 |
| sid | 4.3.0-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37746 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ... |
| CVE-2020-16094 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ... |
| CVE-2020-15917 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | common/session.c in Claws Mail before 3.17.6 has a protocol violation ... |
| CVE-2019-10735 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encry ... |
| Bug | Description |
|---|---|
| CVE-2015-8708 | Stack-based buffer overflow in the conv_euctojis function in codeconv. ... |
| CVE-2015-8614 | Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) co ... |
| CVE-2014-2576 | plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_ ... |
| CVE-2012-4507 | The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ... |
| CVE-2010-5109 | Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's ... |
| CVE-2007-6208 | sylprint.pl in claws mail tools (claws-mail-tools) allows local users ... |
| CVE-2007-1558 | The APOP protocol allows remote attackers to guess the first 3 charact ... |
| DSA / DLA | Description |
|---|---|
| DSA-3452-1 | claws-mail - security update |
| DLA-383-1 | claws-mail - security update |