Hi Antonio, On Sun, Sep 10, 2023 at 03:57:58PM +0200, Antonio Radici wrote: > On Sun, Sep 10, 2023 at 01:38:33PM +0200, Salvatore Bonaccorso wrote: > > Hi Antonio, > > > > FWIW, I have done the bookworm-security upload already to > > security-master, and still working on the bullseye-security one (with > > plan to release the DSA tonight ideally). > > Ack, thanks for the update, I assume this was a particularly serious issue > that > had to be handled immediately!
In retrospect, I'm not completely sure, but better to be on the safe side in this case. The NULL pointer dereference flaw reported by Chenyuan Mi is one when composing from a specially crafted draft message, so rather on the harmless side, but the second is when viewing a message with specially crafted headers, leading to a crash. OTOH it is isolated to such an email, when viewing a message with specially crafted headers, see the commit https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0 in particular. I agree that maybe I should have waited for you for comments, which I try to remember to keep in mind for any future occurence. Regards, Salvatore
