Package "mutt"
Name: |
mutt
|
Description: |
text-based mailreader supporting MIME, GPG, PGP and threading
|
Latest version: |
1.5.24-1ubuntu0.5 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
http://www.mutt.org/ |
Links
Download "mutt"
Other versions of "mutt" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
mutt (1.5.24-1ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: Sensitive information exposed
- debian/patches/CVE-2020-28896.patch: Ensure IMAP connection is closed
after a connection error in imap/imap.c.
- CVE-2020-28896
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Nov 2020 10:51:05 -0300
|
Source diff to previous version |
CVE-2020-28896 |
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was inva |
|
mutt (1.5.24-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14954.patch: fix STARTTLS response injection
attack clearing the CONNECTION input buffer in mutt_ssl_starttls() in
mutt_socket.c, mutt_socket.h, mutt_ssl.c, mutt_ssl_gnutls.c.
- CVE-2020-14954
* Redoing patch CVE-2020-14154-1, that causes a possibly regression (LP: #1884588)
-- <email address hidden> (Leonidas S. Barbosa) Mon, 22 Jun 2020 17:26:12 -0300
|
Source diff to previous version |
1884588 |
Certificate problems sending mail |
CVE-2020-14954 |
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" |
CVE-2020-14154 |
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certifica |
|
mutt (1.5.24-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14093.patch: prevent
possible IMAP MITM via PREAUTH response in imap/imap.c.
- CVE-2020-14093
* SECURITY UPDATE: Connection even if the user rejects an
expired intermediate certificate
- debian/patches/CVE-2020-14154-1.patch: fix GnuTLS tls_verify_peers()
checking in mutt_ssl_gnutls.c.
- debian/patches/CVE-2020-14154-2.patch: Abort GnuTLS certificate if a
cert in the chain is rejected in mutt_ssl_gnutls.c.
- debian/patches/CVE-2020-14154-3.patch: fix GnuTLS interactive prompt
short-circuiting in mutt_ssl_gnutls.c.
- CVE-2020-14154
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jun 2020 10:02:48 -0300
|
Source diff to previous version |
CVE-2020-14093 |
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. |
CVE-2020-14154 |
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certifica |
|
mutt (1.5.24-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: apply all fixes to both mutt and mutt-patched
- debian/patches/series: re-order patch application (LP: #1794278)
-- Steve Beattie <email address hidden> Wed, 26 Sep 2018 12:43:56 -0700
|
Source diff to previous version |
1794278 |
Security patches not applied to xenial mutt |
|
mutt (1.5.24-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Mishandles a NO response without a msg
- debian/patches/ubuntu/mutt-CVE-2018-14349.patch: fix in
imap/command.c.
- CVE-2018-14349
* SECURITY UPDATE: Stack-based buffer overflow
- debian/patches/ubuntu/mutt-CVE-2018-14350-CVE-2018-14358.patch:
fix in imap/message.c.
- CVE-2018-14350
- CVE-2018-14358
* SECURITY UPDATE: Mishandles a long IMAP status
- debian/patches/ubuntu/mutt-CVE-2018-14351.patch: fix in
imap/command.c.
- CVE-2018-14351
* SECURITY UPDATE: Integer underflow and stack-based buffer overflow
- debian/patches/ubuntu/mutt-CVE-2018-14352-CVE-2018-14353.patch:
fix in imap/util.c.
- CVE-2018-14352
- CVE-2018-14353
* SECURITY UPDATE: Remote arbitrary code execution
- debian/patches/ubuntu/mutt-CVE-2018-14354-CVE-2018-14357.patch:
fix in imap/command.c, imap/imap.c, imap/imap_private.h, imap/util.c.
- CVE-2018-14354
- CVE-2018-14357
* SECURITY UPDATE: Directory traversal
- debian/patches/ubuntu/mutt-CVE-2018-14355.patch: fix in
imap/util.c.
- CVE-2018-14355
* SECURITY UPDATE: Mishandles a zero-lenght UID
- debian/patches/ubuntu/mutt-CVE-2018-14356.patch: fix in
pop.c.
- CVE-2018-14356
* SECURITY UPDATE: Buffer overflow
- debian/patches/ubuntu/mutt-CVE-2018-14359.patch: fix in
base64.c, imap/auth_cram.c, imap/auth_gss.c, protos.h.
- CVE-2018-14359
* SECURITY UPDATE: Unsafe character interactions
- debian/patches/ubuntu/mutt-CVE-2018-14362.patch: fix in
pop.c.
- CVE-2018-14362
-- <email address hidden> (Leonidas S. Barbosa) Thu, 19 Jul 2018 10:31:16 -0300
|
CVE-2018-14349 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. |
CVE-2018-14350 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response wi |
CVE-2018-14358 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response wi |
CVE-2018-14351 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. |
CVE-2018-14352 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote character |
CVE-2018-14353 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. |
CVE-2018-14354 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquo |
CVE-2018-14357 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquo |
CVE-2018-14355 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. |
CVE-2018-14356 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. |
CVE-2018-14359 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. |
CVE-2018-14362 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with m |
|
About
-
Send Feedback to @ubuntu_updates