[Bug 231733] New: CVE-2007-1267: sylpheed <= 2.2.7 message forgery vulnerability
bugzilla at redhat.com
bugzilla at redhat.com
Sat Mar 10 22:19:51 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231733
Summary: CVE-2007-1267: sylpheed <= 2.2.7 message forgery
vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: sylpheed
AssignedTo: bugs.michael at gmx.net
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1267
"Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when
invoking GnuPG, which prevents Sylpheed from visually distinguishing between
signed and unsigned portions of OpenPGP messages with multiple components, which
allows remote attackers to forge the contents of a message without detection."
This issue is reported against a suspiciously old version of Sylpheed; bug filed
for verification whether current versions in FE5+ are affected.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-security-list
mailing list