Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-1267: sylpheed <= 2.2.7 message forgery
Product: Fedora Extras
"Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when
invoking GnuPG, which prevents Sylpheed from visually distinguishing between
signed and unsigned portions of OpenPGP messages with multiple components, which
allows remote attackers to forge the contents of a message without detection."
This issue is reported against a suspiciously old version of Sylpheed; bug filed
for verification whether current versions in FE5+ are affected.
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.