Hacker News new | past | comments | ask | show | jobs | submit login

I don't know how sylpheed made it to HN, but just wanted to point out: They don't have any active development and don't do security fixes any more.

I found a command parameter injection via links in claws+sylpheed a while back (claws is originally a fork of sylpheed) that was fixed in claws and that I also reported to sylpheed, and it was never fixed (CVE-2021-37746 fwiw).




Do you know if any linux distributions ever fixed it in their packages?


At least Fedora did.

https://src.fedoraproject.org/rpms/sylpheed/blob/rawhide/f/s...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: