UbuntuUpdates.org

Package "mutt"

Name: mutt

Description:

text-based mailreader supporting MIME, GPG, PGP and threading

Latest version: 1.13.2-1ubuntu0.6
Release: focal (20.04)
Level: security
Repository: main
Homepage: http://www.mutt.org/

Links


Download "mutt"


Other versions of "mutt" in Focal

Repository Area Version
base main 1.13.2-1
updates main 1.13.2-1ubuntu0.6

Changelog

Version: 1.13.2-1ubuntu0.1 2020-06-22 16:06:37 UTC

  mutt (1.13.2-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Man-in-the-middle attack
    - debian/patches/CVE-2020-14093.patch: prevent
      possible IMAP MITM via PREAUTH response in imap/imap.c.
    - CVE-2020-14093
  * SECURITY UPDATE: Connection even if the user rejects an
    expired intermediate certificate
    - debian/patches/CVE-2020-14154-1.patch: fix GnuTLS tls_verify_peers()
      checking in mutt_ssl_gnutls.c.
    - debian/patches/CVE-2020-14154-2.patch: Abort GnuTLS certificate if a
      cert in the chain is rejected in mutt_ssl_gnutls.c.
    - debian/patches/CVE-2020-14154-3.patch: fix GnuTLS interactive prompt
      short-circuiting in mutt_ssl_gnutls.c.
    - CVE-2020-14154

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Jun 2020 16:46:31 -0300

CVE-2020-14093 Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
CVE-2020-14154 Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certifica



About   -   Send Feedback to @ubuntu_updates