Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
051723c3 by Sylvain Beucler at 2026-05-19T21:49:38+02:00
CVE-2026-43859--43864/mutt: bullseye postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10706,31 +10706,37 @@ CVE-2026-43864 (mutt before 2.3.2 has a
show_sig_summary NULL pointer dereferenc
- mutt <unfixed> (bug #1135699)
[trixie] - mutt <no-dsa> (Minor issue)
[bookworm] - mutt <no-dsa> (Minor issue)
+ [bullseye] - mutt <postponed> (Minor issue, DoS)
NOTE: Fixed by:
https://gitlab.com/muttmua/mutt/-/commit/ebfa2969042d89303d15334193fcc32866c8a8df
(mutt-2-3-2-rel)
CVE-2026-43863 (mutt before 2.3.2 has an infinite loop in
data_object_to_stream in cry ...)
- mutt <unfixed> (bug #1135699)
[trixie] - mutt <no-dsa> (Minor issue)
[bookworm] - mutt <no-dsa> (Minor issue)
+ [bullseye] - mutt <postponed> (Minor issue, DoS)
NOTE: Fixed by:
https://gitlab.com/muttmua/mutt/-/commit/fdc04a171777327218a1e78db504926c388b48c4
(mutt-2-3-2-rel)
CVE-2026-43862 (In mutt before 2.3.2, the imap_auth_gss security level is
mishandled.)
- mutt <unfixed> (bug #1135699)
[trixie] - mutt <no-dsa> (Minor issue)
[bookworm] - mutt <no-dsa> (Minor issue)
+ [bullseye] - mutt <postponed> (Minor issue)
NOTE: Fixed by:
https://gitlab.com/muttmua/mutt/-/commit/f547a849cdacb512800a5f477c27de217e1c8151
(mutt-2-3-2-rel)
CVE-2026-43861 (mutt before 2.3.2 does not check for '\0' in url_pct_decode.)
- mutt <unfixed> (bug #1135699)
[trixie] - mutt <no-dsa> (Minor issue)
[bookworm] - mutt <no-dsa> (Minor issue)
+ [bullseye] - mutt <postponed> (Minor issue, URL validation)
NOTE: Fixed by:
https://gitlab.com/muttmua/mutt/-/commit/12f54fe3b61f761c096fe95e95d5e3072af00ed2
(mutt-2-3-2-rel)
CVE-2026-43860 (mutt before 2.3.2 sometimes truncates the hash_passwd by one
byte for ...)
- mutt <unfixed> (bug #1135699)
[trixie] - mutt <no-dsa> (Minor issue)
[bookworm] - mutt <no-dsa> (Minor issue)
+ [bullseye] - mutt <postponed> (Minor issue, failed authentication in
corner case, no security impact)
NOTE: Fixed by:
https://gitlab.com/muttmua/mutt/-/commit/834c5a2ed0479e51e8662a31caed129f136f4805
(mutt-2-3-2-rel)
CVE-2026-43859 (mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for
the IMA ...)
- mutt <unfixed> (bug #1135699)
[trixie] - mutt <no-dsa> (Minor issue)
[bookworm] - mutt <no-dsa> (Minor issue)
+ [bullseye] - mutt <postponed> (Minor issue, failed authentication in
corner case, no security impact)
NOTE: Fixed by:
https://gitlab.com/muttmua/mutt/-/commit/834c5a2ed0479e51e8662a31caed129f136f4805
(mutt-2-3-2-rel)
CVE-2026-42370 (A stack overflow vulnerability exists in the WebCam Server
Login funct ...)
NOT-FOR-US: GeoVision
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/051723c32fc6fa59ef033fa5713fef4e6ed4f02d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/051723c32fc6fa59ef033fa5713fef4e6ed4f02d
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
