Package "mutt"
| Name: |
mutt
|
Description: |
text-based mailreader supporting MIME, GPG, PGP and threading
|
| Latest version: |
1.9.4-3ubuntu0.6 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
main |
| Homepage: |
http://www.mutt.org/ |
Links
Download "mutt"
Other versions of "mutt" in Bionic
Changelog
|
mutt (1.9.4-3ubuntu0.6) bionic-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2022-1328.patch: Fix uudecode in handler.c.
- CVE-2022-1328
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 19 Apr 2022 11:32:51 -0300
|
| Source diff to previous version |
| CVE-2022-1328 |
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line |
|
|
mutt (1.9.4-3ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-3181-1.patch: Fix memory leak parsing group addresses without a display name
in rfc822.c.
- debian/patches/CVE-2021-3181-2.patch: Don't allocate a group terminator unless we are in a group-list
in rfc822.c.
- debian/patches/CVE-2021-3181-3.patch: Add group terminator if it is left
off in rfc822.c.
- CVE-2021-3181
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 21 Jan 2021 13:10:01 -0300
|
| Source diff to previous version |
| CVE-2021-3181 |
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences |
|
|
mutt (1.9.4-3ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: Sensitive information exposed
- debian/patches/CVE-2020-28896.patch: Ensure IMAP connection is closed
after a connection error in imap/imap.c.
- CVE-2020-28896
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Nov 2020 10:50:20 -0300
|
| Source diff to previous version |
| CVE-2020-28896 |
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was inva |
|
|
mutt (1.9.4-3ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14954.patch: fix STARTTLS response injection
attack clearing the CONNECTION input buffer in mutt_ssl_starttls() in
mutt_socket.c, mutt_socket.h, mutt_ssl.c, mutt_ssl_gnutls.c.
- CVE-2020-14954
* Redoing patch CVE-2020-14154-1, that causes a possibly regression (LP: #1884588)
-- <email address hidden> (Leonidas S. Barbosa) Mon, 22 Jun 2020 15:33:12 -0300
|
| Source diff to previous version |
| 1884588 |
Certificate problems sending mail |
| CVE-2020-14954 |
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" |
| CVE-2020-14154 |
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certifica |
|
|
mutt (1.9.4-3ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14093.patch: prevent
possible IMAP MITM via PREAUTH response in imap/imap.c.
- CVE-2020-14093
* SECURITY UPDATE: Connection even if the user rejects an
expired intermediate certificate
- debian/patches/CVE-2020-14154-1.patch: fix GnuTLS tls_verify_peers()
checking in mutt_ssl_gnutls.c.
- debian/patches/CVE-2020-14154-2.patch: Abort GnuTLS certificate if a
cert in the chain is rejected in mutt_ssl_gnutls.c.
- debian/patches/CVE-2020-14154-3.patch: fix GnuTLS interactive prompt
short-circuiting in mutt_ssl_gnutls.c.
- CVE-2020-14154
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jun 2020 09:51:03 -0300
|
| CVE-2020-14093 |
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. |
| CVE-2020-14154 |
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certifica |
|
About
-
Send Feedback to @ubuntu_updates
