mutt (1.5.21-5ubuntu2.6) precise-security; urgency=medium
* SECURITY UPDATE: Sensitive information exposed
- debian/patches/CVE-2020-28896.patch: Ensure IMAP connection is closed
after a connection error in imap/imap.c.
- CVE-2020-28896
mutt (1.5.21-5ubuntu2.5) precise-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14954.patch: fix STARTTLS response injection
attack clearing the CONNECTION input buffer in mutt_ssl_starttls() in
mutt_socket.c, mutt_socket.h, mutt_ssl.c, mutt_ssl_gnutls.c.
- CVE-2020-14954
* Redoing patch CVE-2020-14154-1, that causes a possibly regression (LP:
#1884588)
mutt (1.5.21-5ubuntu2.4) precise-security; urgency=medium
* SECURITY UPDATE: Man-in-the-middle attack
- debian/patches/CVE-2020-14093.patch: prevent
possible IMAP MITM via PREAUTH response in imap/imap.c.
- CVE-2020-14093
* SECURITY UPDATE: Connection even if the user rejects an
expired intermediate certificate
- debian/patches/CVE-2020-14154-1.patch: fix GnuTLS tls_verify_peers()
checking in mutt_ssl_gnutls.c.
- debian/patches/CVE-2020-14154-2.patch: Abort GnuTLS certificate if a
cert in the chain is rejected in mutt_ssl_gnutls.c.
- debian/patches/CVE-2020-14154-3.patch: fix GnuTLS interactive prompt
short-circuiting in mutt_ssl_gnutls.c.
- CVE-2020-14154
mutt (1.5.21-5ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: Mishandles a NO response without a msg
- debian/patches/ubuntu/mutt-CVE-2018-14349.patch: fix in
imap/command.c.
- CVE-2018-14349
* SECURITY UPDATE: Stack-based buffer overflow
- debian/patches/ubuntu/mutt-CVE-2018-14350-CVE-2018-14358.patch:
fix in imap/message.c.
- CVE-2018-14350
- CVE-2018-14358
* SECURITY UPDATE: Mishandles a long IMAP status
- debian/patches/ubuntu/mutt-CVE-2018-14351.patch: fix in
imap/command.c.
- CVE-2018-14351
* SECURITY UPDATE: Integer underflow and stack-based buffer overflow
- debian/patches/ubuntu/mutt-CVE-2018-14352-CVE-2018-14353.patch:
fix in imap/util.c.
- CVE-2018-14352
- CVE-2018-14353
* SECURITY UPDATE: Remote arbitrary code execution
- debian/patches/ubuntu/mutt-CVE-2018-14354-CVE-2018-14357.patch:
fix in imap/command.c, imap/imap.c, imap/imap_private.h, imap/util.c.
- CVE-2018-14354
- CVE-2018-14357
* SECURITY UPDATE: Directory traversal
- debian/patches/ubuntu/mutt-CVE-2018-14355.patch: fix in
imap/util.c.
- CVE-2018-14355
* SECURITY UPDATE: Mishandles a zero-lenght UID
- debian/patches/ubuntu/mutt-CVE-2018-14356.patch: fix in
pop.c.
- CVE-2018-14356
* SECURITY UPDATE: Buffer overflow
- debian/patches/ubuntu/mutt-CVE-2018-14359.patch: fix in
base64.c, imap/auth_cram.c, imap/auth_gss.c, protos.h.
- CVE-2018-14359
* SECURITY UPDATE: Unsafe character interactions
- debian/patches/ubuntu/mutt-CVE-2018-14362.patch: fix in
pop.c.
- CVE-2018-14362
Date: 2020-11-24 14:27:31.448750+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/mutt/1.5.21-5ubuntu2.6
Sorry, changesfile not available.
--
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/precise-changes