Fedora has issued an advisory today (August 11): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6/ The issue is fixed upstream in claws-mail 3.18.0, and Fedora has a patch for sylpheed. The claws-mail package in Cauldron has already been updated. Mageia 8 is affected for both packages.
Whiteboard: (none) => MGA8TOOCC: (none) => geiger.david68210, jani.valimaaStatus comment: (none) => Fixed upstream in claws-mail 3.18.0, Patch available from Fedora for sylpheed
Fixed packages uploaded by Jani. claws-mail-3.18.0-1.mga8 claws-mail-litehtml_viewer-plugin-3.18.0-1.mga8 claws-mail-devel-3.18.0-1.mga8 claws-mail-tools-3.18.0-1.mga8 claws-mail-vcalendar-plugin-3.18.0-1.mga8 claws-mail-notification-plugin-3.18.0-1.mga8 claws-mail-rssyl-plugin-3.18.0-1.mga8 claws-mail-mailmbox-plugin-3.18.0-1.mga8 claws-mail-pgpcore-plugin-3.18.0-1.mga8 claws-mail-managesieve-plugin-3.18.0-1.mga8 claws-mail-perl-plugin-3.18.0-1.mga8 claws-mail-archive-plugin-3.18.0-1.mga8 claws-mail-spamassassin-plugin-3.18.0-1.mga8 claws-mail-pdf_viewer-plugin-3.18.0-1.mga8 claws-mail-libravatar-plugin-3.18.0-1.mga8 claws-mail-clamd-plugin-3.18.0-1.mga8 claws-mail-bogofilter-plugin-3.18.0-1.mga8 claws-mail-gdata-plugin-3.18.0-1.mga8 claws-mail-bsfilter-plugin-3.18.0-1.mga8 claws-mail-acpi-plugin-3.18.0-1.mga8 claws-mail-smime-plugin-3.18.0-1.mga8 claws-mail-pgpmime-plugin-3.18.0-1.mga8 claws-mail-pgpinline-plugin-3.18.0-1.mga8 claws-mail-spam_report-plugin-3.18.0-1.mga8 claws-mail-att_remover-plugin-3.18.0-1.mga8 claws-mail-address_keeper-plugin-3.18.0-1.mga8 claws-mail-dillo-plugin-3.18.0-1.mga8 claws-mail-attachwarner-plugin-3.18.0-1.mga8 claws-mail-fetchinfo-plugin-3.18.0-1.mga8 claws-mail-newmail-plugin-3.18.0-1.mga8 claws-mail-plugins-3.18.0-1.mga8 sylpheed-3.7.0-4.1.mga8 libsylpheed0_1-3.7.0-4.1.mga8 libsylpheed-devel-3.7.0-4.1.mga8 from SRPMS: claws-mail-3.18.0-1.mga8.src.rpm sylpheed-3.7.0-4.1.mga8.src.rpm
Status comment: Fixed upstream in claws-mail 3.18.0, Patch available from Fedora for sylpheed => (none)Whiteboard: MGA8TOO => (none)Version: Cauldron => 8Assignee: bugsquad => qa-bugs
MGA8-64 Plasma on Lenovo B50 No installation issues. Tested both sylpheed and claws-mail to access my hotmail account. Receiving and sending to other account works OK in both.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
Advisory: ======================== Updated sylpheed and claws-mail packages fix security vulnerability: The textview_uri_security_check() function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click (CVE-2021-37746). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6/
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0408.html
Status: NEW => RESOLVEDResolution: (none) => FIXED