Your message dated Wed, 17 Jun 2020 09:19:33 +0000
with message-id <[email protected]>
and subject line Bug#962897: fixed in mutt 1.14.3-1
has caused the Debian Bug report #962897,
regarding mutt: CVE-2020-14093
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
962897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mutt
Version: 1.14.0-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for mutt.

CVE-2020-14093[0]:
| Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle
| attack via a PREAUTH response.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-14093
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093
[1] 
https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mutt
Source-Version: 1.14.3-1
Done: Antonio Radici <[email protected]>

We believe that the bug you reported is fixed in the latest version of
mutt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Radici <[email protected]> (supplier of updated mutt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 17 Jun 2020 10:46:34 +0200
Source: mutt
Architecture: source
Version: 1.14.3-1
Distribution: unstable
Urgency: medium
Maintainer: Mutt maintainers <[email protected]>
Changed-By: Antonio Radici <[email protected]>
Closes: 961894 962897
Changes:
 mutt (1.14.3-1) unstable; urgency=medium
 .
   * New upstream release.
     + Fixes CVE-2020-14093 (Closes: 962897)
     + Fixes failures on non-linear cert chains (Closes: 961894)
Checksums-Sha1:
 00d2037e784158445fc44a0767ac256d4475a8dc 2351 mutt_1.14.3-1.dsc
 8a3a897fd30a8ed6a1f412b360379104f02ec721 5003987 mutt_1.14.3.orig.tar.gz
 cd26f114f1078a8ca5b1af395a053923b8ff1db9 833 mutt_1.14.3.orig.tar.gz.asc
 9071997861eef630480f484482f3f8dbcd9732ed 56468 mutt_1.14.3-1.debian.tar.xz
 4b125b1f9cad6987e29531babaeb662501bd9ffa 7912 mutt_1.14.3-1_amd64.buildinfo
Checksums-Sha256:
 d2fb716a7f3abb7ef023e725864f3a044a22e8180e0a9e752170a49fde487430 2351 
mutt_1.14.3-1.dsc
 b1556df3333b0d874926ccc5d03dadbd0f680f302f9d44ebae1ec3c4c266a471 5003987 
mutt_1.14.3.orig.tar.gz
 51171e0b8cc34900fa1352df5355763aac6b97ebf9f8a2d1af16c09dafdfe632 833 
mutt_1.14.3.orig.tar.gz.asc
 8e53fbb5411389a71a36dc7ee02a45780bb219f99e91931d9e9de446f6847a71 56468 
mutt_1.14.3-1.debian.tar.xz
 4254b7758ecf3c81d9da198ba85dd271ad9bfb62900eb123b314c9930f94f900 7912 
mutt_1.14.3-1_amd64.buildinfo
Files:
 725262d0c3e15cbed1eefb5d068335a6 2351 mail optional mutt_1.14.3-1.dsc
 121e23c472852323337240d68ca1c41e 5003987 mail optional mutt_1.14.3.orig.tar.gz
 097d51b81c38fb8708f5ab589eab47b6 833 mail optional mutt_1.14.3.orig.tar.gz.asc
 5928d6b79a9e4e05831366c04ccfdd94 56468 mail optional 
mutt_1.14.3-1.debian.tar.xz
 aec9a1141275708f9d19745aa45763b6 7912 mail optional 
mutt_1.14.3-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEQObYrBkA1SRrfOa1NcjIiHLLHu0FAl7p248THGFudG9uaW9A
ZGViaWFuLm9yZwAKCRA1yMiIcsse7WznD/9g6+8Y1uLiIQ5iwJtJ+UIu3DxZQ3t1
dwQuIj7D6pHG/X2SbEmf2P9aQfYx/xoHGu7tTFJW6ZsAE1h3H0VceuxY8mqHEPqA
jFiJuYJeAzcpEDMTgKX+dSXlRjHEuE6mxCq3juanyG8fYUJw8JsAT7SbMiC8/6En
x1hB+N6RhkXB4OggKORijOTJDoOacoayQlvzb6ZqCxzigiJ+Fbq8t0Df9X3dBcTG
ycvQO+qOPN1fw7BzQGvoaWFHrFNaGaXMQ9gXWaY7FpBGL9lVyprZK4J55E1DNz7l
jdwk9gisQwlmEGYt7FhdvxHgTBH3gpywGdW+LRedOilaBdsuUjDzmNZpUsXMKitY
b6KwAoCvGI5VAdDc35ODDdBAcYM+l2cyAXHZGeC8PDbWbJGne9wbSP5MjGV+vU4H
8CDHh97s0RiNuAVI5G/5Ht3RUOgFc6jGv02pOZgv8h8oQAK0//ZZELR1+l5WMiW+
I9bFggtPjeVuZL71pRO6Y3XzuStSpucE2iD3FCEZ5rHSKPicYnyMHeAfCIYAq4x3
Y1/GjKksFHO5QwZa+2fz4TtDQaFO/sPUMlpoREaZJOGqyMc0OU5Xb1rAHCeeOAA8
IDVeIkhYCdl8I2o8AoJksVFgM2XSdproW+2m/PtN83mGLfcdZcieX2gbebSyWjCZ
YUreww7Xn6QcGA==
=ffUr
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to