[Git][security-tracker-team/security-tracker][master] Add new mutt issues

Mon, 04 May 2026 00:21:48 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e961ae68 by Salvatore Bonaccorso at 2026-05-04T09:21:01+02:00
Add new mutt issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,17 +79,23 @@ CVE-2026-6948 (Velociraptor versions prior to 0.76.4 
contain a resource exhausti
 CVE-2026-5335 (The Magic Export & Import WordPress plugin before 1.2.0 stores 
exporte ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-43864 (mutt before 2.3.2 has a show_sig_summary NULL pointer 
dereference.)
-       TODO: check
+       - mutt <unfixed>
+       NOTE: Fixed by: 
https://github.com/muttmua/mutt/commit/ebfa2969042d89303d15334193fcc32866c8a8df 
(mutt-2-3-2-rel)
 CVE-2026-43863 (mutt before 2.3.2 has an infinite loop in 
data_object_to_stream in cry ...)
-       TODO: check
+       - mutt <unfixed>
+       NOTE: Fixed by: 
https://github.com/muttmua/mutt/commit/fdc04a171777327218a1e78db504926c388b48c4 
(mutt-2-3-2-rel)
 CVE-2026-43862 (In mutt before 2.3.2, the imap_auth_gss security level is 
mishandled.)
-       TODO: check
+       - mutt <unfixed>
+       NOTE: Fixed by: 
https://github.com/muttmua/mutt/commit/f547a849cdacb512800a5f477c27de217e1c8151 
(mutt-2-3-2-rel)
 CVE-2026-43861 (mutt before 2.3.2 does not check for '\0' in url_pct_decode.)
-       TODO: check
+       - mutt <unfixed>
+       NOTE: Fixed by: 
https://github.com/muttmua/mutt/commit/12f54fe3b61f761c096fe95e95d5e3072af00ed2 
(mutt-2-3-2-rel)
 CVE-2026-43860 (mutt before 2.3.2 sometimes truncates the hash_passwd by one 
byte for  ...)
-       TODO: check
+       - mutt <unfixed>
+       NOTE: Fixed by: 
https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805 
(mutt-2-3-2-rel)
 CVE-2026-43859 (mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for 
the IMA ...)
-       TODO: check
+       - mutt <unfixed>
+       NOTE: Fixed by: 
https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805 
(mutt-2-3-2-rel)
 CVE-2026-42370 (A stack overflow vulnerability exists in the WebCam Server 
Login funct ...)
        TODO: check
 CVE-2026-42369 (GV-VMS V20 is a Video Monitoring Software used to gather the 
feeds of  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e961ae68293962f12206cb3abe11c63658280df8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e961ae68293962f12206cb3abe11c63658280df8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to