DEBIAN-CVE-2007-1267

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2007-1267
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2007-1267.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2007-1267
Upstream
Published
2007-03-06T20:19:00Z
Modified
2025-10-10T19:31:21.672188Z
Summary
[none]
Details

Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

References

Affected packages

Debian:11 / sylpheed

Package

Name
sylpheed
Purl
pkg:deb/debian/sylpheed?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.0-8
3.8.0~beta1-1
3.8.0~beta1-2
3.8.0~beta1-3

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / sylpheed

Package

Name
sylpheed
Purl
pkg:deb/debian/sylpheed?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.8.0~beta1-1
3.8.0~beta1-2
3.8.0~beta1-3

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / sylpheed

Package

Name
sylpheed
Purl
pkg:deb/debian/sylpheed?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.8.0~beta1-2
3.8.0~beta1-3

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:14 / sylpheed

Package

Name
sylpheed
Purl
pkg:deb/debian/sylpheed?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.8.0~beta1-2
3.8.0~beta1-3

Ecosystem specific 

{
    "urgency": "unimportant"
}