Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-28896 (GCVE-0-2020-28896)
Vulnerability from cvelistv5 – Published: 2020-11-23 18:52 – Updated: 2024-08-04 16:41
VLAI?
EPSS
Summary
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:41:00.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"name": "GLSA-202101-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-27T02:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"name": "GLSA-202101-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f",
"refsource": "MISC",
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"name": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a",
"refsource": "MISC",
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"name": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06",
"refsource": "MISC",
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"name": "https://github.com/neomutt/neomutt/releases/tag/20201120",
"refsource": "MISC",
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"name": "GLSA-202101-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-32"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28896",
"datePublished": "2020-11-23T18:52:13",
"dateReserved": "2020-11-17T00:00:00",
"dateUpdated": "2024-08-04T16:41:00.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.2\", \"matchCriteriaId\": \"7C51D970-ABF4-465F-9C6D-0AB13AC6D84F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2020-11-20\", \"matchCriteriaId\": \"6EFDF3E8-5AB3-490C-B9E0-4E2B38E07E42\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.\"}, {\"lang\": \"es\", \"value\": \"Mutt versiones anteriores a 2.0.2 y NeoMutt anterior al 20-11-2020 no aseguraron que $ssl_force_tls fuera procesado si la respuesta inicial del servidor de un servidor IMAP no era v\\u00e1lida.\u0026#xa0;La conexi\\u00f3n no se cerr\\u00f3 correctamente y el c\\u00f3digo podr\\u00eda seguir intentando autenticarse.\u0026#xa0;Esto podr\\u00eda resultar en que las credenciales de autenticaci\\u00f3n se expongan en una conexi\\u00f3n no cifrada o en una m\\u00e1quina en el medio\"}]",
"id": "CVE-2020-28896",
"lastModified": "2024-11-21T05:23:14.600",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-11-23T19:15:11.413",
"references": "[{\"url\": \"https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/neomutt/neomutt/releases/tag/20201120\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-32\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/neomutt/neomutt/releases/tag/20201120\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}, {\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-28896\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-23T19:15:11.413\",\"lastModified\":\"2024-11-21T05:23:14.600\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.\"},{\"lang\":\"es\",\"value\":\"Mutt versiones anteriores a 2.0.2 y NeoMutt anterior al 20-11-2020 no aseguraron que $ssl_force_tls fuera procesado si la respuesta inicial del servidor de un servidor IMAP no era v\u00e1lida.\u0026#xa0;La conexi\u00f3n no se cerr\u00f3 correctamente y el c\u00f3digo podr\u00eda seguir intentando autenticarse.\u0026#xa0;Esto podr\u00eda resultar en que las credenciales de autenticaci\u00f3n se expongan en una conexi\u00f3n no cifrada o en una m\u00e1quina en el medio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"},{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.2\",\"matchCriteriaId\":\"7C51D970-ABF4-465F-9C6D-0AB13AC6D84F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2020-11-20\",\"matchCriteriaId\":\"6EFDF3E8-5AB3-490C-B9E0-4E2B38E07E42\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/neomutt/neomutt/releases/tag/20201120\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202101-32\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/neomutt/neomutt/releases/tag/20201120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202101-32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2020:14551-1
Vulnerability from csaf_suse - Published: 2020-11-30 15:57 - Updated: 2020-11-30 15:57Summary
Security update for mutt
Notes
Title of the patch
Security update for mutt
Description of the patch
This update for mutt fixes the following issues:
- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)
Patchnames
sleposp3-mutt-14551,slessp4-mutt-14551
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mutt fixes the following issues:\n\n- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)\n- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-mutt-14551,slessp4-mutt-14551",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_14551-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:14551-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014551-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:14551-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007894.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for mutt",
"tracking": {
"current_release_date": "2020-11-30T15:57:54Z",
"generator": {
"date": "2020-11-30T15:57:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:14551-1",
"initial_release_date": "2020-11-30T15:57:54Z",
"revision_history": [
{
"date": "2020-11-30T15:57:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.5.17-42.56.1.i586",
"product": {
"name": "mutt-1.5.17-42.56.1.i586",
"product_id": "mutt-1.5.17-42.56.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.5.17-42.56.1.ppc64",
"product": {
"name": "mutt-1.5.17-42.56.1.ppc64",
"product_id": "mutt-1.5.17-42.56.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.5.17-42.56.1.s390x",
"product": {
"name": "mutt-1.5.17-42.56.1.s390x",
"product_id": "mutt-1.5.17-42.56.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.5.17-42.56.1.x86_64",
"product": {
"name": "mutt-1.5.17-42.56.1.x86_64",
"product_id": "mutt-1.5.17-42.56.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.5.17-42.56.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.56.1.i586"
},
"product_reference": "mutt-1.5.17-42.56.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.5.17-42.56.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.i586"
},
"product_reference": "mutt-1.5.17-42.56.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.5.17-42.56.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.ppc64"
},
"product_reference": "mutt-1.5.17-42.56.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.5.17-42.56.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.s390x"
},
"product_reference": "mutt-1.5.17-42.56.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.5.17-42.56.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.x86_64"
},
"product_reference": "mutt-1.5.17-42.56.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.56.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.56.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.56.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-30T15:57:54Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
SUSE-SU-2020:3632-1
Vulnerability from csaf_suse - Published: 2020-12-07 10:50 - Updated: 2020-12-07 10:50Summary
Security update for mutt
Notes
Title of the patch
Security update for mutt
Description of the patch
This update for mutt fixes the following issues:
- Find and display the content of messages properly. (bsc#1179461)
- CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113)
Patchnames
HPE-Helion-OpenStack-8-2020-3632,SUSE-2020-3632,SUSE-OpenStack-Cloud-7-2020-3632,SUSE-OpenStack-Cloud-8-2020-3632,SUSE-OpenStack-Cloud-9-2020-3632,SUSE-OpenStack-Cloud-Crowbar-8-2020-3632,SUSE-OpenStack-Cloud-Crowbar-9-2020-3632,SUSE-SLE-SAP-12-SP2-2020-3632,SUSE-SLE-SAP-12-SP3-2020-3632,SUSE-SLE-SAP-12-SP4-2020-3632,SUSE-SLE-SERVER-12-SP2-2020-3632,SUSE-SLE-SERVER-12-SP2-BCL-2020-3632,SUSE-SLE-SERVER-12-SP3-2020-3632,SUSE-SLE-SERVER-12-SP3-BCL-2020-3632,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3632,SUSE-SLE-SERVER-12-SP5-2020-3632,SUSE-Storage-5-2020-3632
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mutt fixes the following issues:\n\n- Find and display the content of messages properly. (bsc#1179461)\n- CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035)\n- Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-3632,SUSE-2020-3632,SUSE-OpenStack-Cloud-7-2020-3632,SUSE-OpenStack-Cloud-8-2020-3632,SUSE-OpenStack-Cloud-9-2020-3632,SUSE-OpenStack-Cloud-Crowbar-8-2020-3632,SUSE-OpenStack-Cloud-Crowbar-9-2020-3632,SUSE-SLE-SAP-12-SP2-2020-3632,SUSE-SLE-SAP-12-SP3-2020-3632,SUSE-SLE-SAP-12-SP4-2020-3632,SUSE-SLE-SERVER-12-SP2-2020-3632,SUSE-SLE-SERVER-12-SP2-BCL-2020-3632,SUSE-SLE-SERVER-12-SP3-2020-3632,SUSE-SLE-SERVER-12-SP3-BCL-2020-3632,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3632,SUSE-SLE-SERVER-12-SP5-2020-3632,SUSE-Storage-5-2020-3632",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3632-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3632-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203632-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3632-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007921.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE Bug 1179461",
"url": "https://bugzilla.suse.com/1179461"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for mutt",
"tracking": {
"current_release_date": "2020-12-07T10:50:59Z",
"generator": {
"date": "2020-12-07T10:50:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3632-1",
"initial_release_date": "2020-12-07T10:50:59Z",
"revision_history": [
{
"date": "2020-12-07T10:50:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-55.18.1.aarch64",
"product": {
"name": "mutt-1.10.1-55.18.1.aarch64",
"product_id": "mutt-1.10.1-55.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-55.18.1.i586",
"product": {
"name": "mutt-1.10.1-55.18.1.i586",
"product_id": "mutt-1.10.1-55.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-55.18.1.ppc64le",
"product": {
"name": "mutt-1.10.1-55.18.1.ppc64le",
"product_id": "mutt-1.10.1-55.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-55.18.1.s390",
"product": {
"name": "mutt-1.10.1-55.18.1.s390",
"product_id": "mutt-1.10.1-55.18.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-55.18.1.s390x",
"product": {
"name": "mutt-1.10.1-55.18.1.s390x",
"product_id": "mutt-1.10.1-55.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-55.18.1.x86_64",
"product": {
"name": "mutt-1.10.1-55.18.1.x86_64",
"product_id": "mutt-1.10.1-55.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.s390x"
},
"product_reference": "mutt-1.10.1-55.18.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.s390x"
},
"product_reference": "mutt-1.10.1-55.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.aarch64"
},
"product_reference": "mutt-1.10.1-55.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.s390x"
},
"product_reference": "mutt-1.10.1-55.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.aarch64"
},
"product_reference": "mutt-1.10.1-55.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.s390x"
},
"product_reference": "mutt-1.10.1-55.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.aarch64"
},
"product_reference": "mutt-1.10.1-55.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.s390x"
},
"product_reference": "mutt-1.10.1-55.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.aarch64"
},
"product_reference": "mutt-1.10.1-55.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.ppc64le"
},
"product_reference": "mutt-1.10.1-55.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.s390x"
},
"product_reference": "mutt-1.10.1-55.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.aarch64"
},
"product_reference": "mutt-1.10.1-55.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-55.18.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.x86_64"
},
"product_reference": "mutt-1.10.1-55.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.s390x",
"SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 9:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:mutt-1.10.1-55.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.s390x",
"SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 9:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:mutt-1.10.1-55.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Enterprise Storage 5:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:mutt-1.10.1-55.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.s390x",
"SUSE OpenStack Cloud 7:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud 9:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:mutt-1.10.1-55.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:mutt-1.10.1-55.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T10:50:59Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
SUSE-SU-2020:3568-1
Vulnerability from csaf_suse - Published: 2020-11-30 15:59 - Updated: 2020-11-30 15:59Summary
Security update for mutt
Notes
Title of the patch
Security update for mutt
Description of the patch
This update for mutt fixes the following issues:
- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)
Patchnames
SUSE-2020-3568,SUSE-SLE-Module-Basesystem-15-SP1-2020-3568,SUSE-SLE-Module-Basesystem-15-SP2-2020-3568,SUSE-SLE-Module-Basesystem-15-SP3-2020-3568,SUSE-SLE-Product-HPC-15-2020-3568,SUSE-SLE-Product-SLES-15-2020-3568,SUSE-SLE-Product-SLES_SAP-15-2020-3568
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mutt fixes the following issues:\n\n- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)\n- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3568,SUSE-SLE-Module-Basesystem-15-SP1-2020-3568,SUSE-SLE-Module-Basesystem-15-SP2-2020-3568,SUSE-SLE-Module-Basesystem-15-SP3-2020-3568,SUSE-SLE-Product-HPC-15-2020-3568,SUSE-SLE-Product-SLES-15-2020-3568,SUSE-SLE-Product-SLES_SAP-15-2020-3568",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3568-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3568-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203568-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3568-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007891.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for mutt",
"tracking": {
"current_release_date": "2020-11-30T15:59:08Z",
"generator": {
"date": "2020-11-30T15:59:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3568-1",
"initial_release_date": "2020-11-30T15:59:08Z",
"revision_history": [
{
"date": "2020-11-30T15:59:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-3.11.1.aarch64",
"product": {
"name": "mutt-1.10.1-3.11.1.aarch64",
"product_id": "mutt-1.10.1-3.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-3.11.1.i586",
"product": {
"name": "mutt-1.10.1-3.11.1.i586",
"product_id": "mutt-1.10.1-3.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-doc-1.10.1-3.11.1.noarch",
"product": {
"name": "mutt-doc-1.10.1-3.11.1.noarch",
"product_id": "mutt-doc-1.10.1-3.11.1.noarch"
}
},
{
"category": "product_version",
"name": "mutt-lang-1.10.1-3.11.1.noarch",
"product": {
"name": "mutt-lang-1.10.1-3.11.1.noarch",
"product_id": "mutt-lang-1.10.1-3.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-3.11.1.ppc64le",
"product": {
"name": "mutt-1.10.1-3.11.1.ppc64le",
"product_id": "mutt-1.10.1-3.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-3.11.1.s390x",
"product": {
"name": "mutt-1.10.1-3.11.1.s390x",
"product_id": "mutt-1.10.1-3.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-3.11.1.x86_64",
"product": {
"name": "mutt-1.10.1-3.11.1.x86_64",
"product_id": "mutt-1.10.1-3.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.aarch64"
},
"product_reference": "mutt-1.10.1-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.ppc64le"
},
"product_reference": "mutt-1.10.1-3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.s390x"
},
"product_reference": "mutt-1.10.1-3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.x86_64"
},
"product_reference": "mutt-1.10.1-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-doc-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-lang-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.aarch64"
},
"product_reference": "mutt-1.10.1-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.ppc64le"
},
"product_reference": "mutt-1.10.1-3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.s390x"
},
"product_reference": "mutt-1.10.1-3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.x86_64"
},
"product_reference": "mutt-1.10.1-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-doc-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-lang-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.aarch64"
},
"product_reference": "mutt-1.10.1-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.x86_64"
},
"product_reference": "mutt-1.10.1-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-doc-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-lang-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.aarch64"
},
"product_reference": "mutt-1.10.1-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.x86_64"
},
"product_reference": "mutt-1.10.1-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.aarch64"
},
"product_reference": "mutt-1.10.1-3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.ppc64le"
},
"product_reference": "mutt-1.10.1-3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.s390x"
},
"product_reference": "mutt-1.10.1-3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.x86_64"
},
"product_reference": "mutt-1.10.1-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.ppc64le"
},
"product_reference": "mutt-1.10.1-3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-3.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.x86_64"
},
"product_reference": "mutt-1.10.1-3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:mutt-doc-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-3.11.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:mutt-lang-1.10.1-3.11.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-3.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-lang-1.10.1-3.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-lang-1.10.1-3.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server 15-LTSS:mutt-lang-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-1.10.1-3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-doc-1.10.1-3.11.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:mutt-lang-1.10.1-3.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-30T15:59:08Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
OPENSUSE-SU-2020:2158-1
Vulnerability from csaf_opensuse - Published: 2020-12-04 09:23 - Updated: 2020-12-04 09:23Summary
Security update for neomutt
Notes
Title of the patch
Security update for neomutt
Description of the patch
This update for neomutt fixes the following issues:
Update neomutt to 20201120. Address boo#1179035, CVE-2020-28896.
* Security
- imap: close connection on all failures
* Features
- alias: add function to Alias/Query dialogs
- config: add validators for {imap,smtp,pop}_authenticators
- config: warn when signature file is missing or not readable
- smtp: support for native SMTP LOGIN auth mech
- notmuch: show originating folder in index
* Bug Fixes
- sidebar: prevent the divider colour bleeding out
- sidebar: fix <sidebar-{next,prev}-new>
- notmuch: fix query for current email
- restore shutdown-hook functionality
- crash in reply-to
- user-after-free in folder-hook
- fix some leaks
- fix application of limits to modified mailboxes
- write Date header when postponing
* Translations
- 100% Lithuanian
- 100% Czech
- 70% Turkish
* Docs
- Document that $sort_alias affects the query menu
* Build
- improve ASAN flags
- add SASL and S/MIME to --everything
- fix contrib (un)install
* Code
- my_hdr compose screen notifications
- add contracts to the MXAPI
- maildir refactoring
- further reduce the use of global variables
* Upstream
- Add $count_alternatives to count attachments inside alternatives
- Changes from 20200925
* Features
- Compose: display user-defined headers
- Address Book / Query: live sorting
- Address Book / Query: patterns for searching
- Config: Add '+=' and '-=' operators for String Lists
- Config: Add '+=' operator for Strings
- Allow postfix query ':setenv NAME?' for env vars
* Bug Fixes
- Fix crash when searching with invalid regexes
- Compose: Prevent infinite loop of send2-hooks
- Fix sidebar on new/removed mailboxes
- Restore indentation for named mailboxes
- Prevent half-parsing an alias
- Remove folder creation prompt for POP path
- Show error if $message_cachedir doesn't point to a valid directory
- Fix tracking LastDir in case of IMAP paths with Unicode characters
- Make sure all mail gets applied the index limit
- Add warnings to -Q query CLI option
- Fix index tracking functionality
* Changed Config
- Add $compose_show_user_headers (yes)
* Translations
- 100% Czech
- 100% Lithuanian
- Split up usage strings
* Build
- Run shellcheck on hcachever.sh
- Add the Address Sanitizer
- Move compose files to lib under compose/
- Move address config into libaddress
- Update to latest acutest - fixes a memory leak in the unit tests
* Code
- Implement ARRAY API
- Deglobalised the Config Sort functions
- Refactor the Sidebar to be Event-Driven
- Refactor the Color Event
- Refactor the Commands list
- Make ctx_update_tables private
- Reduce the scope/deps of some Validator functions
- Use the Email's IMAP UID instead of an increasing number as index
- debug: log window focus
- Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch.
No longer needed.
- Update to 20200821:
* Bug Fixes
- fix maildir flag generation
- fix query notmuch if file is missing
- notmuch: don't abort sync on error
- fix type checking for send config variables
* Changed Config
- $sidebar_format - Use %D rather than %B for named mailboxes
* Translations
- 96% Lithuanian
- 90% Polish
- fix(sidebar): abbreviate/shorten what user sees
- Fix sidebar mailbox name display problem.
- Update to 20200814:
* Notes
- Add one-liner docs to config items
See: neomutt -O -Q smart_wrap
- Remove the built-in editor
A large unused and unusable feature
* Security
- Add mitigation against DoS from thousands of parts
boo#1179113
* Features
- Allow index-style searching in postpone menu
- Open NeoMutt using a mailbox name
- Add cd command to change the current working directory
- Add tab-completion menu for patterns
- Allow renaming existing mailboxes
- Check for missing attachments in alternative parts
- Add one-liner docs to config items
* Bug Fixes
- Fix logic in checking an empty From address
- Fix Imap crash in cmd_parse_expunge()
- Fix setting attributes with S-Lang
- Fix: redrawing of $pager_index_lines
- Fix progress percentage for syncing large mboxes
- Fix sidebar drawing in presence of indentation + named mailboxes
- Fix retrieval of drafts when 'postponed' is not in the mailboxes list
- Do not add comments to address group terminators
- Fix alias sorting for degenerate addresses
- Fix attaching emails
- Create directories for nonexistent file hcache case
- Avoid creating mailboxes for failed subscribes
- Fix crash if rejecting cert
* Changed Config
- Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed
- Change default of $crypt_protected_headers_subject to '...'
- Add default keybindings to history-up/down
* Translations
- 100% Czech
- 100% Spanish
* Build
- Allow building against Lua 5.4
- Fix when sqlite3.h is missing
* Docs
- Add a brief section on stty to the manual
- Update section 'Terminal Keybindings' in the manual
- Clarify PGP Pseudo-header S<id> duration
* Code
- Clean up String API
- Make the Sidebar more independent
- De-centralise the Config Variables
- Refactor dialogs
- Refactor: Help Bar generation
- Make more APIs Context-free
- Adjust the edata use in Maildir and Notmuch
- Window refactoring
- Convert libsend to use Config functions
- Refactor notifications to reduce noise
- Convert Keymaps to use STAILQ
- Track currently selected email by msgid
- Config: no backing global variable
- Add events for key binding
* Upstream
- Fix imap postponed mailbox use-after-free error
- Speed up thread sort when many long threads exist
- Fix ~v tagging when switching to non-threaded sorting
- Add message/global to the list of known 'message' types
- Print progress meter when copying/saving tagged messages
- Remove ansi formatting from autoview generated quoted replies
- Change postpone mode to write Date header too
- Unstuff format=flowed
- Update to 20200626:
* Bug Fixes
- Avoid opening the same hcache file twice
- Re-open Mailbox after folder-hook
- Fix the matching of the spoolfile Mailbox
- Fix link-thread to link all tagged emails
* Changed Config
- Add $tunnel_is_secure config, defaulting to true
* Upstream
- Don't check IMAP PREAUTH encryption if $tunnel is in use
- Add recommendation to use $ssl_force_tls
- Changes from 20200501:
* Security
- Abort GnuTLS certificate check if a cert in the chain is rejected
CVE-2020-14154 boo#1172906
- TLS: clear data after a starttls acknowledgement
CVE-2020-14954 boo#1173197
- Prevent possible IMAP MITM via PREAUTH response
CVE-2020-14093 boo#1172935
* Features
- add config operations +=/-= for number,long
- Address book has a comment field
- Query menu has a comment field
* Contrib
sample.neomuttrc-starter: Do not echo prompted password
* Bug Fixes
- make 'news://' and 'nntp://' schemes interchangeable
- Fix CRLF to LF conversion in base64 decoding
- Double comma in query
- compose: fix redraw after history
- Crash inside empty query menu
- mmdf: fix creating new mailbox
- mh: fix creating new mailbox
- mbox: error out when an mbox/mmdf is a pipe
- Fix list-reply by correct parsing of List-Post headers
- Decode references according to RFC2047
- fix tagged message count
- hcache: fix keylen not being considered when building the full key
- sidebar: fix path comparison
- Don't mess with the original pattern when running IMAP searches
- Handle IMAP 'NO' resps by issuing a msg instead of failing badly
- imap: use the connection delimiter if provided
- Memory leaks
* Changed Config
- $alias_format default changed to include %c comment
- $query_format default changed to include %e extra info
* Translations
- 100% Lithuanian
- 84% French
- Log the translation in use
* Docs
- Add missing commands unbind, unmacro to man pages
* Build
- Check size of long using LONG_MAX instead of __WORDSIZE
- Allow ./configure to not record cflags
- fix out-of-tree build
- Avoid locating gdbm symbols in qdbm library
* Code
- Refactor unsafe TAILQ returns
- add window notifications
- flip negative ifs
- Update to latest acutest.h
- test: add store tests
- test: add compression tests
- graphviz: email
- make more opcode info available
- refactor: main_change_folder()
- refactor: mutt_mailbox_next()
- refactor: generate_body()
- compress: add {min,max}_level to ComprOps
- emphasise empty loops: '// do nothing'
- prex: convert is_from() to use regex
- Refactor IMAP's search routines
- Update to 20200501:
* Bug Fixes
- Make sure buffers are initialized on error
- fix(sidebar): use abbreviated path if possible
* Translations
- 100% Lithuanian
* Docs
- make header cache config more explicit
- Changes from 20200424:
* Bug Fixes
- Fix history corruption
- Handle pretty much anything in a URL query part
- Correctly parse escaped characters in header phrases
- Fix crash reading received header
- Fix sidebar indentation
- Avoid crashing on failure to parse an IMAP mailbox
- Maildir: handle deleted emails correctly
- Ensure OP_NULL is always first
* Translations
- 100% Czech
* Build
- cirrus: enable pcre2, make pkgconf a special case
- Fix finding pcre2 w/o pkgconf
- build: tdb.h needs size_t, bring it in with stddef.h
- Changes from 20200417:
* Features
- Fluid layout for Compose Screen, see: vimeo.com/407231157
- Trivial Database (TDB) header cache backend
- RocksDB header cache backend
- Add <sidebar-first> and <sidebar-last> functions
* Bug Fixes
- add error for CLI empty emails
- Allow spaces and square brackets in paths
- browser: fix hidden mailboxes
- fix initial email display
- notmuch: fix time window search.
- fix resize bugs
- notmuch: fix entire-thread: update current email pointer
- sidebar: support indenting and shortening of names
- Handle variables inside backticks in sidebar_whitelist
- browser: fix mask regex error reporting
* Translations
- 100% Lithuanian
- 99% Chinese (simplified)
* Build
- Use regexes for common parsing tasks: urls, dates
- Add configure option --pcre2 -- Enable PCRE2 regular expressions
- Add configure option --tdb -- Use TDB for the header cache
- Add configure option --rocksdb -- Use RocksDB for the header cache
- Create libstore (key/value backends)
- Update to latest autosetup
- Update to latest acutest.h
- Rename doc/ directory to docs/
- make: fix location of .Po dependency files
- Change libcompress to be more universal
- Fix test fails on х32
- fix uidvalidity to unsigned 32-bit int
* Code
- Increase test coverage
- Fix memory leaks
- Fix null checks
* Upstream
- Buffer refactoring
- Fix use-after-free in mutt_str_replace()
- Clarify PGP Pseudo-header S<id> duration
- Try to respect MUTT_QUIET for IMAP contexts too
- Limit recurse depth when parsing mime messages
- Update to 20200320:
* Bug Fixes
- Fix COLUMNS env var
- Fix sync after delete
- Fix crash in notmuch
- Fix sidebar indent
- Fix emptying trash
- Fix command line sending
- Fix reading large address lists
- Resolve symlinks only when necessary
* Translations
- lithuania 100% Lithuanian
- es 96% Spanish
* Docs
- Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output
- Fix case of GPGME and SQLite
* Build
- Create libcompress (lz4, zlib, zstd)
- Create libhistory
- Create libbcache
- Move zstrm to libconn
* Code
- Add more test coverage
- Rename magic to type
- Use mutt_file_fopen() on config variables
- Change commands to use intptr_t for data
- Update to 20200313:
* Window layout
- Sidebar is only visible when it's usable.
* Features
- UI: add number of old messages to sidebar_format
- UI: support ISO 8601 calendar date
- UI: fix commands that don’t need to have a non-empty mailbox
to be valid
- PGP: inform about successful decryption of inline PGP
messages
- PGP: try to infer the signing key from the From address
- PGP: enable GPGMe by default
- Notmuch: use query as name for vfolder-from-query
- IMAP: add network traffic compression
(COMPRESS=DEFLATE, RFC4978)
- Header cache: add support for generic header cache
compression
* Bug Fixes
- Fix uncollapse_jump
- Only try to perform entire-thread on maildir/mh mailboxes
- Fix crash in pager
- Avoid logging single new lines at the end of header fields
- Fix listing mailboxes
- Do not recurse a non-threaded message
- Fix initial window order
- Fix leaks on IMAP error paths
- Notmuch: compose(attach-message): support notmuch backend
- Fix IMAP flag comparison code
- Fix $move for IMAP mailboxes
- Maildir: maildir_mbox_check_stats should only update mailbox
stats if requested
- Fix unmailboxes for virtual mailboxes
- Maildir: sanitize filename before hashing
- OAuth: if 'login' name isn't available use 'user'
- Add error message on failed encryption
- Fix a bunch of crashes
- Force C locale for email date
- Abort if run without a terminal
* Changed Config
- $crypt_use_gpgme - Now defaults to 'yes' (enabled)
- $abort_backspace - Hitting backspace against an empty prompt
aborts the prompt
- $abort_key - String representation of key to abort prompts
- $arrow_string - Use an custom string for arrow_cursor
- $crypt_opportunistic_encrypt_strong_keys - Enable encryption
only when strong a key is available
- $header_cache_compress_dictionary - Filepath to dictionary
for zstd compression
- $header_cache_compress_level - Level of compression for
method
- $header_cache_compress_method - Enable generic hcache
database compression
- $imap_deflate - Compress network traffic
- $smtp_user - Username for the SMTP server
* Translations
- 100% Lithuanian
- 81% Spanish
- 78% Russian
* Build
- Add libdebug
- Rename public headers to lib.h
- Create libcompress for compressed folders code
* Code
- Refactor Windows and Dialogs
- Lots of code tidying
- Refactor: mutt_addrlist_{search,write}
- Lots of improvements to the Config code
- Use Buffers more pervasively
- Unify API function naming
- Rename library shared headers
- Refactor libconn gui dependencies
- Refactor: init.[ch]
- Refactor config to use subsets
- Config: add path type
- Remove backend deps from the connection code
* Upstream
- Allow ~b ~B ~h patterns in send2-hook
- Rename smime oppenc mode parameter to get_keys_by_addr()
- Add $crypt_opportunistic_encrypt_strong_keys config var
- Fix crash when polling a closed ssl connection
- Turn off auto-clear outside of autocrypt initialization
- Add protected-headers='v1' to Content-Type when protecting
headers
- Fix segv in IMAP postponed menu caused by reopen_allow
- Adding ISO 8601 calendar date
- Fix $fcc_attach to not prompt in batch mode
- Convert remaining mutt_encode_path() call to use struct
Buffer
- Fix rendering of replacement_char when Charset_is_utf8
- Update to latest acutest.h
- Update to 20191207:
* Features:
- compose: draw status bar with highlights
* Bug Fixes:
- crash opening notmuch mailbox
- crash in mutt_autocrypt_ui_recommendation
- Avoid negative allocation
- Mbox new mail
- Setting of DT_MAILBOX type variables from Lua
- imap: empty cmdbuf before connecting
- imap: select the mailbox on reconnect
- compose: fix attach message
* Build:
- make files conditional
* Code:
- enum-ify log levels
- fix function prototypes
- refactor virtual email lookups
- factor out global Context
- Changes from 20191129:
* Features:
- Add raw mailsize expando (%cr)
* Bug Fixes:
- Avoid double question marks in bounce confirmation msg
- Fix bounce confirmation
- fix new-mail flags and behaviour
- fix: browser <descend-directory>
- fix ssl crash
- fix move to trash
- fix flickering
- Do not check hidden mailboxes for new mail
- Fix new_mail_command notifications
- fix crash in examine_mailboxes()
- fix crash in mutt_sort_threads()
- fix: crash after sending
- Fix crash in tunnel's conn_close
- fix fcc for deep dirs
- imap: fix crash when new mail arrives
- fix colour 'quoted9'
- quieten messages on exit
- fix: crash after failed mbox_check
- browser: default to a file/dir view when attaching a file
* Changed Config:
- Change $write_bcc to default off
* Docs:
- Add a bit more documentation about sending
- Clarify $write_bcc documentation.
- Update documentation for raw size expando
- docbook: set generate.consistent.ids to make generated html
reproducible
* Build:
- fix build/tests for 32-bit arches
- tests: fix test that would fail soon
- tests: fix context for failing idna tests
- Update to 20191111:
Bug fixes:
* browser: fix directory view
* fix crash in mutt_extract_token()
* force a screen refresh
* fix crash sending message from command line
* notmuch: use nm_default_uri if no mailbox data
* fix forward attachments
* fix: vfprintf undefined behaviour in body_handler
* Fix relative symlink resolution
* fix: trash to non-existent file/dir
* fix re-opening of mbox Mailboxes
* close logging as late as possible
* log unknown mailboxes
* fix crash in command line postpone
* fix memory leaks
* fix icommand parsing
* fix new mail interaction with mail_check_recent
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patchnames
openSUSE-2020-2158
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for neomutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for neomutt fixes the following issues:\n\nUpdate neomutt to 20201120. Address boo#1179035, CVE-2020-28896.\n\n * Security\n - imap: close connection on all failures\n * Features\n - alias: add function to Alias/Query dialogs\n - config: add validators for {imap,smtp,pop}_authenticators\n - config: warn when signature file is missing or not readable\n - smtp: support for native SMTP LOGIN auth mech\n - notmuch: show originating folder in index\n * Bug Fixes\n - sidebar: prevent the divider colour bleeding out\n - sidebar: fix \u003csidebar-{next,prev}-new\u003e\n - notmuch: fix query for current email\n - restore shutdown-hook functionality\n - crash in reply-to\n - user-after-free in folder-hook\n - fix some leaks\n - fix application of limits to modified mailboxes\n - write Date header when postponing\n * Translations\n - 100% Lithuanian\n - 100% Czech\n - 70% Turkish\n * Docs\n - Document that $sort_alias affects the query menu\n * Build\n - improve ASAN flags\n - add SASL and S/MIME to --everything\n - fix contrib (un)install\n * Code\n - my_hdr compose screen notifications\n - add contracts to the MXAPI\n - maildir refactoring\n - further reduce the use of global variables\n * Upstream\n - Add $count_alternatives to count attachments inside alternatives\n- Changes from 20200925\n * Features\n - Compose: display user-defined headers\n - Address Book / Query: live sorting\n - Address Book / Query: patterns for searching\n - Config: Add \u0027+=\u0027 and \u0027-=\u0027 operators for String Lists\n - Config: Add \u0027+=\u0027 operator for Strings\n - Allow postfix query \u0027:setenv NAME?\u0027 for env vars\n * Bug Fixes\n - Fix crash when searching with invalid regexes\n - Compose: Prevent infinite loop of send2-hooks\n - Fix sidebar on new/removed mailboxes\n - Restore indentation for named mailboxes\n - Prevent half-parsing an alias\n - Remove folder creation prompt for POP path\n - Show error if $message_cachedir doesn\u0027t point to a valid directory\n - Fix tracking LastDir in case of IMAP paths with Unicode characters\n - Make sure all mail gets applied the index limit\n - Add warnings to -Q query CLI option\n - Fix index tracking functionality\n * Changed Config\n - Add $compose_show_user_headers (yes)\n * Translations\n - 100% Czech\n - 100% Lithuanian\n - Split up usage strings\n * Build\n - Run shellcheck on hcachever.sh\n - Add the Address Sanitizer\n - Move compose files to lib under compose/\n - Move address config into libaddress\n - Update to latest acutest - fixes a memory leak in the unit tests\n * Code\n - Implement ARRAY API\n - Deglobalised the Config Sort functions\n - Refactor the Sidebar to be Event-Driven\n - Refactor the Color Event\n - Refactor the Commands list\n - Make ctx_update_tables private\n - Reduce the scope/deps of some Validator functions\n - Use the Email\u0027s IMAP UID instead of an increasing number as index\n - debug: log window focus\n- Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch.\n No longer needed.\n\n- Update to 20200821:\n * Bug Fixes\n - fix maildir flag generation\n - fix query notmuch if file is missing\n - notmuch: don\u0027t abort sync on error\n - fix type checking for send config variables\n * Changed Config\n - $sidebar_format - Use %D rather than %B for named mailboxes\n * Translations\n - 96% Lithuanian\n - 90% Polish\n- fix(sidebar): abbreviate/shorten what user sees\n\n- Fix sidebar mailbox name display problem. \n\n- Update to 20200814:\n * Notes\n - Add one-liner docs to config items\n See: neomutt -O -Q smart_wrap\n - Remove the built-in editor\n A large unused and unusable feature\n * Security\n - Add mitigation against DoS from thousands of parts\n boo#1179113\n * Features\n - Allow index-style searching in postpone menu\n - Open NeoMutt using a mailbox name\n - Add cd command to change the current working directory\n - Add tab-completion menu for patterns\n - Allow renaming existing mailboxes\n - Check for missing attachments in alternative parts\n - Add one-liner docs to config items\n * Bug Fixes\n - Fix logic in checking an empty From address\n - Fix Imap crash in cmd_parse_expunge()\n - Fix setting attributes with S-Lang\n - Fix: redrawing of $pager_index_lines\n - Fix progress percentage for syncing large mboxes\n - Fix sidebar drawing in presence of indentation + named mailboxes\n - Fix retrieval of drafts when \u0027postponed\u0027 is not in the mailboxes list\n - Do not add comments to address group terminators\n - Fix alias sorting for degenerate addresses\n - Fix attaching emails\n - Create directories for nonexistent file hcache case\n - Avoid creating mailboxes for failed subscribes\n - Fix crash if rejecting cert\n * Changed Config\n - Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed\n - Change default of $crypt_protected_headers_subject to \u0027...\u0027\n - Add default keybindings to history-up/down\n * Translations\n - 100% Czech\n - 100% Spanish\n * Build\n - Allow building against Lua 5.4\n - Fix when sqlite3.h is missing\n * Docs\n - Add a brief section on stty to the manual\n - Update section \u0027Terminal Keybindings\u0027 in the manual\n - Clarify PGP Pseudo-header S\u003cid\u003e duration\n * Code\n - Clean up String API\n - Make the Sidebar more independent\n - De-centralise the Config Variables\n - Refactor dialogs\n - Refactor: Help Bar generation\n - Make more APIs Context-free\n - Adjust the edata use in Maildir and Notmuch\n - Window refactoring\n - Convert libsend to use Config functions\n - Refactor notifications to reduce noise\n - Convert Keymaps to use STAILQ\n - Track currently selected email by msgid\n - Config: no backing global variable\n - Add events for key binding\n * Upstream\n - Fix imap postponed mailbox use-after-free error\n - Speed up thread sort when many long threads exist\n - Fix ~v tagging when switching to non-threaded sorting\n - Add message/global to the list of known \u0027message\u0027 types\n - Print progress meter when copying/saving tagged messages\n - Remove ansi formatting from autoview generated quoted replies\n - Change postpone mode to write Date header too\n - Unstuff format=flowed\n\n- Update to 20200626:\n * Bug Fixes\n - Avoid opening the same hcache file twice\n - Re-open Mailbox after folder-hook\n - Fix the matching of the spoolfile Mailbox\n - Fix link-thread to link all tagged emails\n * Changed Config\n - Add $tunnel_is_secure config, defaulting to true\n * Upstream\n - Don\u0027t check IMAP PREAUTH encryption if $tunnel is in use\n - Add recommendation to use $ssl_force_tls\n- Changes from 20200501:\n * Security\n - Abort GnuTLS certificate check if a cert in the chain is rejected\n CVE-2020-14154 boo#1172906\n - TLS: clear data after a starttls acknowledgement\n CVE-2020-14954 boo#1173197\n - Prevent possible IMAP MITM via PREAUTH response\n CVE-2020-14093 boo#1172935\n * Features\n - add config operations +=/-= for number,long\n - Address book has a comment field\n - Query menu has a comment field\n * Contrib\n sample.neomuttrc-starter: Do not echo prompted password\n * Bug Fixes\n - make \u0027news://\u0027 and \u0027nntp://\u0027 schemes interchangeable\n - Fix CRLF to LF conversion in base64 decoding\n - Double comma in query\n - compose: fix redraw after history\n - Crash inside empty query menu\n - mmdf: fix creating new mailbox\n - mh: fix creating new mailbox\n - mbox: error out when an mbox/mmdf is a pipe\n - Fix list-reply by correct parsing of List-Post headers\n - Decode references according to RFC2047\n - fix tagged message count\n - hcache: fix keylen not being considered when building the full key\n - sidebar: fix path comparison\n - Don\u0027t mess with the original pattern when running IMAP searches\n - Handle IMAP \u0027NO\u0027 resps by issuing a msg instead of failing badly\n - imap: use the connection delimiter if provided\n - Memory leaks\n * Changed Config\n - $alias_format default changed to include %c comment\n - $query_format default changed to include %e extra info\n * Translations\n - 100% Lithuanian\n - 84% French\n - Log the translation in use\n * Docs\n - Add missing commands unbind, unmacro to man pages\n * Build\n - Check size of long using LONG_MAX instead of __WORDSIZE\n - Allow ./configure to not record cflags\n - fix out-of-tree build\n - Avoid locating gdbm symbols in qdbm library\n * Code\n - Refactor unsafe TAILQ returns\n - add window notifications\n - flip negative ifs\n - Update to latest acutest.h\n - test: add store tests\n - test: add compression tests\n - graphviz: email\n - make more opcode info available\n - refactor: main_change_folder()\n - refactor: mutt_mailbox_next()\n - refactor: generate_body()\n - compress: add {min,max}_level to ComprOps\n - emphasise empty loops: \u0027// do nothing\u0027\n - prex: convert is_from() to use regex\n - Refactor IMAP\u0027s search routines\n\n- Update to 20200501:\n * Bug Fixes\n - Make sure buffers are initialized on error\n - fix(sidebar): use abbreviated path if possible\n * Translations\n - 100% Lithuanian\n * Docs\n - make header cache config more explicit\n- Changes from 20200424:\n * Bug Fixes\n - Fix history corruption\n - Handle pretty much anything in a URL query part\n - Correctly parse escaped characters in header phrases\n - Fix crash reading received header\n - Fix sidebar indentation\n - Avoid crashing on failure to parse an IMAP mailbox\n - Maildir: handle deleted emails correctly\n - Ensure OP_NULL is always first\n * Translations\n - 100% Czech\n * Build\n - cirrus: enable pcre2, make pkgconf a special case\n - Fix finding pcre2 w/o pkgconf\n - build: tdb.h needs size_t, bring it in with stddef.h\n- Changes from 20200417:\n * Features\n - Fluid layout for Compose Screen, see: vimeo.com/407231157\n - Trivial Database (TDB) header cache backend\n - RocksDB header cache backend\n - Add \u003csidebar-first\u003e and \u003csidebar-last\u003e functions\n * Bug Fixes\n - add error for CLI empty emails\n - Allow spaces and square brackets in paths\n - browser: fix hidden mailboxes\n - fix initial email display\n - notmuch: fix time window search.\n - fix resize bugs\n - notmuch: fix entire-thread: update current email pointer\n - sidebar: support indenting and shortening of names\n - Handle variables inside backticks in sidebar_whitelist\n - browser: fix mask regex error reporting\n * Translations\n - 100% Lithuanian\n - 99% Chinese (simplified)\n * Build\n - Use regexes for common parsing tasks: urls, dates\n - Add configure option --pcre2 -- Enable PCRE2 regular expressions\n - Add configure option --tdb -- Use TDB for the header cache\n - Add configure option --rocksdb -- Use RocksDB for the header cache\n - Create libstore (key/value backends)\n - Update to latest autosetup\n - Update to latest acutest.h\n - Rename doc/ directory to docs/\n - make: fix location of .Po dependency files\n - Change libcompress to be more universal\n - Fix test fails on \u044532\n - fix uidvalidity to unsigned 32-bit int\n * Code\n - Increase test coverage\n - Fix memory leaks\n - Fix null checks\n * Upstream\n - Buffer refactoring\n - Fix use-after-free in mutt_str_replace()\n - Clarify PGP Pseudo-header S\u003cid\u003e duration\n - Try to respect MUTT_QUIET for IMAP contexts too\n - Limit recurse depth when parsing mime messages\n\n- Update to 20200320:\n * Bug Fixes\n - Fix COLUMNS env var\n - Fix sync after delete\n - Fix crash in notmuch\n - Fix sidebar indent\n - Fix emptying trash\n - Fix command line sending\n - Fix reading large address lists\n - Resolve symlinks only when necessary\n * Translations\n - lithuania 100% Lithuanian\n - es 96% Spanish\n * Docs\n - Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output\n - Fix case of GPGME and SQLite\n * Build\n - Create libcompress (lz4, zlib, zstd)\n - Create libhistory\n - Create libbcache\n - Move zstrm to libconn\n * Code\n - Add more test coverage\n - Rename magic to type\n - Use mutt_file_fopen() on config variables\n - Change commands to use intptr_t for data\n\n- Update to 20200313:\n * Window layout\n - Sidebar is only visible when it\u0027s usable.\n * Features\n - UI: add number of old messages to sidebar_format\n - UI: support ISO 8601 calendar date\n - UI: fix commands that don\u2019t need to have a non-empty mailbox\n to be valid\n - PGP: inform about successful decryption of inline PGP\n messages\n - PGP: try to infer the signing key from the From address\n - PGP: enable GPGMe by default\n - Notmuch: use query as name for vfolder-from-query\n - IMAP: add network traffic compression\n (COMPRESS=DEFLATE, RFC4978)\n - Header cache: add support for generic header cache\n compression\n * Bug Fixes\n - Fix uncollapse_jump\n - Only try to perform entire-thread on maildir/mh mailboxes\n - Fix crash in pager\n - Avoid logging single new lines at the end of header fields\n - Fix listing mailboxes\n - Do not recurse a non-threaded message\n - Fix initial window order\n - Fix leaks on IMAP error paths\n - Notmuch: compose(attach-message): support notmuch backend\n - Fix IMAP flag comparison code\n - Fix $move for IMAP mailboxes\n - Maildir: maildir_mbox_check_stats should only update mailbox\n stats if requested\n - Fix unmailboxes for virtual mailboxes\n - Maildir: sanitize filename before hashing\n - OAuth: if \u0027login\u0027 name isn\u0027t available use \u0027user\u0027\n - Add error message on failed encryption\n - Fix a bunch of crashes\n - Force C locale for email date\n - Abort if run without a terminal\n * Changed Config\n - $crypt_use_gpgme - Now defaults to \u0027yes\u0027 (enabled)\n - $abort_backspace - Hitting backspace against an empty prompt\n aborts the prompt\n - $abort_key - String representation of key to abort prompts\n - $arrow_string - Use an custom string for arrow_cursor\n - $crypt_opportunistic_encrypt_strong_keys - Enable encryption\n only when strong a key is available\n - $header_cache_compress_dictionary - Filepath to dictionary\n for zstd compression\n - $header_cache_compress_level - Level of compression for\n method\n - $header_cache_compress_method - Enable generic hcache\n database compression\n - $imap_deflate - Compress network traffic\n - $smtp_user - Username for the SMTP server\n * Translations\n - 100% Lithuanian\n - 81% Spanish\n - 78% Russian\n * Build\n - Add libdebug\n - Rename public headers to lib.h\n - Create libcompress for compressed folders code\n * Code\n - Refactor Windows and Dialogs\n - Lots of code tidying\n - Refactor: mutt_addrlist_{search,write}\n - Lots of improvements to the Config code\n - Use Buffers more pervasively\n - Unify API function naming\n - Rename library shared headers\n - Refactor libconn gui dependencies\n - Refactor: init.[ch]\n - Refactor config to use subsets\n - Config: add path type\n - Remove backend deps from the connection code\n * Upstream\n - Allow ~b ~B ~h patterns in send2-hook\n - Rename smime oppenc mode parameter to get_keys_by_addr()\n - Add $crypt_opportunistic_encrypt_strong_keys config var\n - Fix crash when polling a closed ssl connection\n - Turn off auto-clear outside of autocrypt initialization\n - Add protected-headers=\u0027v1\u0027 to Content-Type when protecting\n headers\n - Fix segv in IMAP postponed menu caused by reopen_allow\n - Adding ISO 8601 calendar date\n - Fix $fcc_attach to not prompt in batch mode\n - Convert remaining mutt_encode_path() call to use struct\n Buffer\n - Fix rendering of replacement_char when Charset_is_utf8\n - Update to latest acutest.h\n\n- Update to 20191207:\n * Features:\n - compose: draw status bar with highlights\n * Bug Fixes:\n - crash opening notmuch mailbox\n - crash in mutt_autocrypt_ui_recommendation\n - Avoid negative allocation\n - Mbox new mail\n - Setting of DT_MAILBOX type variables from Lua\n - imap: empty cmdbuf before connecting\n - imap: select the mailbox on reconnect\n - compose: fix attach message\n * Build:\n - make files conditional\n * Code:\n - enum-ify log levels\n - fix function prototypes\n - refactor virtual email lookups\n - factor out global Context\n- Changes from 20191129:\n * Features:\n - Add raw mailsize expando (%cr)\n * Bug Fixes:\n - Avoid double question marks in bounce confirmation msg\n - Fix bounce confirmation\n - fix new-mail flags and behaviour\n - fix: browser \u003cdescend-directory\u003e\n - fix ssl crash\n - fix move to trash\n - fix flickering\n - Do not check hidden mailboxes for new mail\n - Fix new_mail_command notifications\n - fix crash in examine_mailboxes()\n - fix crash in mutt_sort_threads()\n - fix: crash after sending\n - Fix crash in tunnel\u0027s conn_close\n - fix fcc for deep dirs\n - imap: fix crash when new mail arrives\n - fix colour \u0027quoted9\u0027\n - quieten messages on exit\n - fix: crash after failed mbox_check\n - browser: default to a file/dir view when attaching a file\n * Changed Config:\n - Change $write_bcc to default off\n * Docs:\n - Add a bit more documentation about sending\n - Clarify $write_bcc documentation.\n - Update documentation for raw size expando\n - docbook: set generate.consistent.ids to make generated html\n reproducible\n * Build:\n - fix build/tests for 32-bit arches\n - tests: fix test that would fail soon\n - tests: fix context for failing idna tests\n\n- Update to 20191111:\n Bug fixes:\n * browser: fix directory view\n * fix crash in mutt_extract_token()\n * force a screen refresh\n * fix crash sending message from command line\n * notmuch: use nm_default_uri if no mailbox data\n * fix forward attachments\n * fix: vfprintf undefined behaviour in body_handler\n * Fix relative symlink resolution\n * fix: trash to non-existent file/dir\n * fix re-opening of mbox Mailboxes\n * close logging as late as possible\n * log unknown mailboxes\n * fix crash in command line postpone\n * fix memory leaks\n * fix icommand parsing\n * fix new mail interaction with mail_check_recent\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2158",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2158-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2158-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LP3RDP5YFHOILA5LLZD7YQXIDYSTUJ2A/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2158-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LP3RDP5YFHOILA5LLZD7YQXIDYSTUJ2A/"
},
{
"category": "self",
"summary": "SUSE Bug 1172906",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "self",
"summary": "SUSE Bug 1172935",
"url": "https://bugzilla.suse.com/1172935"
},
{
"category": "self",
"summary": "SUSE Bug 1173197",
"url": "https://bugzilla.suse.com/1173197"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14093 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14154 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14954 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for neomutt",
"tracking": {
"current_release_date": "2020-12-04T09:23:31Z",
"generator": {
"date": "2020-12-04T09:23:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2158-1",
"initial_release_date": "2020-12-04T09:23:31Z",
"revision_history": [
{
"date": "2020-12-04T09:23:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp152.2.3.1.aarch64",
"product": {
"name": "neomutt-20201120-bp152.2.3.1.aarch64",
"product_id": "neomutt-20201120-bp152.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-doc-20201120-bp152.2.3.1.noarch",
"product": {
"name": "neomutt-doc-20201120-bp152.2.3.1.noarch",
"product_id": "neomutt-doc-20201120-bp152.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20201120-bp152.2.3.1.noarch",
"product": {
"name": "neomutt-lang-20201120-bp152.2.3.1.noarch",
"product_id": "neomutt-lang-20201120-bp152.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp152.2.3.1.ppc64le",
"product": {
"name": "neomutt-20201120-bp152.2.3.1.ppc64le",
"product_id": "neomutt-20201120-bp152.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp152.2.3.1.s390x",
"product": {
"name": "neomutt-20201120-bp152.2.3.1.s390x",
"product_id": "neomutt-20201120-bp152.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp152.2.3.1.x86_64",
"product": {
"name": "neomutt-20201120-bp152.2.3.1.x86_64",
"product_id": "neomutt-20201120-bp152.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp152.2.3.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64"
},
"product_reference": "neomutt-20201120-bp152.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp152.2.3.1.ppc64le as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le"
},
"product_reference": "neomutt-20201120-bp152.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp152.2.3.1.s390x as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x"
},
"product_reference": "neomutt-20201120-bp152.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp152.2.3.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64"
},
"product_reference": "neomutt-20201120-bp152.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20201120-bp152.2.3.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch"
},
"product_reference": "neomutt-doc-20201120-bp152.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20201120-bp152.2.3.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
},
"product_reference": "neomutt-lang-20201120-bp152.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14093"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14093",
"url": "https://www.suse.com/security/cve/CVE-2020-14093"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:31Z",
"details": "important"
}
],
"title": "CVE-2020-14093"
},
{
"cve": "CVE-2020-14154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14154"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14154",
"url": "https://www.suse.com/security/cve/CVE-2020-14154"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:31Z",
"details": "important"
}
],
"title": "CVE-2020-14154"
},
{
"cve": "CVE-2020-14954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14954"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14954",
"url": "https://www.suse.com/security/cve/CVE-2020-14954"
},
{
"category": "external",
"summary": "SUSE Bug 1173197 for CVE-2020-14954",
"url": "https://bugzilla.suse.com/1173197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:31Z",
"details": "important"
}
],
"title": "CVE-2020-14954"
},
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:neomutt-20201120-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:neomutt-doc-20201120-bp152.2.3.1.noarch",
"SUSE Package Hub 15 SP2:neomutt-lang-20201120-bp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:31Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
OPENSUSE-SU-2020:2127-1
Vulnerability from csaf_opensuse - Published: 2020-11-30 19:22 - Updated: 2020-11-30 19:22Summary
Security update for neomutt
Notes
Title of the patch
Security update for neomutt
Description of the patch
This update for neomutt fixes the following issues:
Update neomutt to 20201120. Address boo#1179035, CVE-2020-28896.
* Security
- imap: close connection on all failures
* Features
- alias: add function to Alias/Query dialogs
- config: add validators for {imap,smtp,pop}_authenticators
- config: warn when signature file is missing or not readable
- smtp: support for native SMTP LOGIN auth mech
- notmuch: show originating folder in index
* Bug Fixes
- sidebar: prevent the divider colour bleeding out
- sidebar: fix <sidebar-{next,prev}-new>
- notmuch: fix query for current email
- restore shutdown-hook functionality
- crash in reply-to
- user-after-free in folder-hook
- fix some leaks
- fix application of limits to modified mailboxes
- write Date header when postponing
* Translations
- 100% Lithuanian
- 100% Czech
- 70% Turkish
* Docs
- Document that $sort_alias affects the query menu
* Build
- improve ASAN flags
- add SASL and S/MIME to --everything
- fix contrib (un)install
* Code
- my_hdr compose screen notifications
- add contracts to the MXAPI
- maildir refactoring
- further reduce the use of global variables
* Upstream
- Add $count_alternatives to count attachments inside alternatives
- Changes from 20200925
* Features
- Compose: display user-defined headers
- Address Book / Query: live sorting
- Address Book / Query: patterns for searching
- Config: Add '+=' and '-=' operators for String Lists
- Config: Add '+=' operator for Strings
- Allow postfix query ':setenv NAME?' for env vars
* Bug Fixes
- Fix crash when searching with invalid regexes
- Compose: Prevent infinite loop of send2-hooks
- Fix sidebar on new/removed mailboxes
- Restore indentation for named mailboxes
- Prevent half-parsing an alias
- Remove folder creation prompt for POP path
- Show error if $message_cachedir doesn't point to a valid directory
- Fix tracking LastDir in case of IMAP paths with Unicode characters
- Make sure all mail gets applied the index limit
- Add warnings to -Q query CLI option
- Fix index tracking functionality
* Changed Config
- Add $compose_show_user_headers (yes)
* Translations
- 100% Czech
- 100% Lithuanian
- Split up usage strings
* Build
- Run shellcheck on hcachever.sh
- Add the Address Sanitizer
- Move compose files to lib under compose/
- Move address config into libaddress
- Update to latest acutest - fixes a memory leak in the unit tests
* Code
- Implement ARRAY API
- Deglobalised the Config Sort functions
- Refactor the Sidebar to be Event-Driven
- Refactor the Color Event
- Refactor the Commands list
- Make ctx_update_tables private
- Reduce the scope/deps of some Validator functions
- Use the Email's IMAP UID instead of an increasing number as index
- debug: log window focus
- Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch.
No longer needed.
- Update to 20200821:
* Bug Fixes
- fix maildir flag generation
- fix query notmuch if file is missing
- notmuch: don't abort sync on error
- fix type checking for send config variables
* Changed Config
- $sidebar_format - Use %D rather than %B for named mailboxes
* Translations
- 96% Lithuanian
- 90% Polish
- fix(sidebar): abbreviate/shorten what user sees
- Fix sidebar mailbox name display problem.
- Update to 20200814:
* Notes
- Add one-liner docs to config items
See: neomutt -O -Q smart_wrap
- Remove the built-in editor
A large unused and unusable feature
* Security
- Add mitigation against DoS from thousands of parts
boo#1179113
* Features
- Allow index-style searching in postpone menu
- Open NeoMutt using a mailbox name
- Add cd command to change the current working directory
- Add tab-completion menu for patterns
- Allow renaming existing mailboxes
- Check for missing attachments in alternative parts
- Add one-liner docs to config items
* Bug Fixes
- Fix logic in checking an empty From address
- Fix Imap crash in cmd_parse_expunge()
- Fix setting attributes with S-Lang
- Fix: redrawing of $pager_index_lines
- Fix progress percentage for syncing large mboxes
- Fix sidebar drawing in presence of indentation + named mailboxes
- Fix retrieval of drafts when 'postponed' is not in the mailboxes list
- Do not add comments to address group terminators
- Fix alias sorting for degenerate addresses
- Fix attaching emails
- Create directories for nonexistent file hcache case
- Avoid creating mailboxes for failed subscribes
- Fix crash if rejecting cert
* Changed Config
- Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed
- Change default of $crypt_protected_headers_subject to '...'
- Add default keybindings to history-up/down
* Translations
- 100% Czech
- 100% Spanish
* Build
- Allow building against Lua 5.4
- Fix when sqlite3.h is missing
* Docs
- Add a brief section on stty to the manual
- Update section 'Terminal Keybindings' in the manual
- Clarify PGP Pseudo-header S<id> duration
* Code
- Clean up String API
- Make the Sidebar more independent
- De-centralise the Config Variables
- Refactor dialogs
- Refactor: Help Bar generation
- Make more APIs Context-free
- Adjust the edata use in Maildir and Notmuch
- Window refactoring
- Convert libsend to use Config functions
- Refactor notifications to reduce noise
- Convert Keymaps to use STAILQ
- Track currently selected email by msgid
- Config: no backing global variable
- Add events for key binding
* Upstream
- Fix imap postponed mailbox use-after-free error
- Speed up thread sort when many long threads exist
- Fix ~v tagging when switching to non-threaded sorting
- Add message/global to the list of known 'message' types
- Print progress meter when copying/saving tagged messages
- Remove ansi formatting from autoview generated quoted replies
- Change postpone mode to write Date header too
- Unstuff format=flowed
- Update to 20200626:
* Bug Fixes
- Avoid opening the same hcache file twice
- Re-open Mailbox after folder-hook
- Fix the matching of the spoolfile Mailbox
- Fix link-thread to link all tagged emails
* Changed Config
- Add $tunnel_is_secure config, defaulting to true
* Upstream
- Don't check IMAP PREAUTH encryption if $tunnel is in use
- Add recommendation to use $ssl_force_tls
- Changes from 20200501:
* Security
- Abort GnuTLS certificate check if a cert in the chain is rejected
CVE-2020-14154 boo#1172906
- TLS: clear data after a starttls acknowledgement
CVE-2020-14954 boo#1173197
- Prevent possible IMAP MITM via PREAUTH response
CVE-2020-14093 boo#1172935
* Features
- add config operations +=/-= for number,long
- Address book has a comment field
- Query menu has a comment field
* Contrib
sample.neomuttrc-starter: Do not echo prompted password
* Bug Fixes
- make 'news://' and 'nntp://' schemes interchangeable
- Fix CRLF to LF conversion in base64 decoding
- Double comma in query
- compose: fix redraw after history
- Crash inside empty query menu
- mmdf: fix creating new mailbox
- mh: fix creating new mailbox
- mbox: error out when an mbox/mmdf is a pipe
- Fix list-reply by correct parsing of List-Post headers
- Decode references according to RFC2047
- fix tagged message count
- hcache: fix keylen not being considered when building the full key
- sidebar: fix path comparison
- Don't mess with the original pattern when running IMAP searches
- Handle IMAP 'NO' resps by issuing a msg instead of failing badly
- imap: use the connection delimiter if provided
- Memory leaks
* Changed Config
- $alias_format default changed to include %c comment
- $query_format default changed to include %e extra info
* Translations
- 100% Lithuanian
- 84% French
- Log the translation in use
* Docs
- Add missing commands unbind, unmacro to man pages
* Build
- Check size of long using LONG_MAX instead of __WORDSIZE
- Allow ./configure to not record cflags
- fix out-of-tree build
- Avoid locating gdbm symbols in qdbm library
* Code
- Refactor unsafe TAILQ returns
- add window notifications
- flip negative ifs
- Update to latest acutest.h
- test: add store tests
- test: add compression tests
- graphviz: email
- make more opcode info available
- refactor: main_change_folder()
- refactor: mutt_mailbox_next()
- refactor: generate_body()
- compress: add {min,max}_level to ComprOps
- emphasise empty loops: '// do nothing'
- prex: convert is_from() to use regex
- Refactor IMAP's search routines
- Update to 20200501:
* Bug Fixes
- Make sure buffers are initialized on error
- fix(sidebar): use abbreviated path if possible
* Translations
- 100% Lithuanian
* Docs
- make header cache config more explicit
- Changes from 20200424:
* Bug Fixes
- Fix history corruption
- Handle pretty much anything in a URL query part
- Correctly parse escaped characters in header phrases
- Fix crash reading received header
- Fix sidebar indentation
- Avoid crashing on failure to parse an IMAP mailbox
- Maildir: handle deleted emails correctly
- Ensure OP_NULL is always first
* Translations
- 100% Czech
* Build
- cirrus: enable pcre2, make pkgconf a special case
- Fix finding pcre2 w/o pkgconf
- build: tdb.h needs size_t, bring it in with stddef.h
- Changes from 20200417:
* Features
- Fluid layout for Compose Screen, see: vimeo.com/407231157
- Trivial Database (TDB) header cache backend
- RocksDB header cache backend
- Add <sidebar-first> and <sidebar-last> functions
* Bug Fixes
- add error for CLI empty emails
- Allow spaces and square brackets in paths
- browser: fix hidden mailboxes
- fix initial email display
- notmuch: fix time window search.
- fix resize bugs
- notmuch: fix entire-thread: update current email pointer
- sidebar: support indenting and shortening of names
- Handle variables inside backticks in sidebar_whitelist
- browser: fix mask regex error reporting
* Translations
- 100% Lithuanian
- 99% Chinese (simplified)
* Build
- Use regexes for common parsing tasks: urls, dates
- Add configure option --pcre2 -- Enable PCRE2 regular expressions
- Add configure option --tdb -- Use TDB for the header cache
- Add configure option --rocksdb -- Use RocksDB for the header cache
- Create libstore (key/value backends)
- Update to latest autosetup
- Update to latest acutest.h
- Rename doc/ directory to docs/
- make: fix location of .Po dependency files
- Change libcompress to be more universal
- Fix test fails on х32
- fix uidvalidity to unsigned 32-bit int
* Code
- Increase test coverage
- Fix memory leaks
- Fix null checks
* Upstream
- Buffer refactoring
- Fix use-after-free in mutt_str_replace()
- Clarify PGP Pseudo-header S<id> duration
- Try to respect MUTT_QUIET for IMAP contexts too
- Limit recurse depth when parsing mime messages
- Update to 20200320:
* Bug Fixes
- Fix COLUMNS env var
- Fix sync after delete
- Fix crash in notmuch
- Fix sidebar indent
- Fix emptying trash
- Fix command line sending
- Fix reading large address lists
- Resolve symlinks only when necessary
* Translations
- lithuania 100% Lithuanian
- es 96% Spanish
* Docs
- Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output
- Fix case of GPGME and SQLite
* Build
- Create libcompress (lz4, zlib, zstd)
- Create libhistory
- Create libbcache
- Move zstrm to libconn
* Code
- Add more test coverage
- Rename magic to type
- Use mutt_file_fopen() on config variables
- Change commands to use intptr_t for data
- Update to 20200313:
* Window layout
- Sidebar is only visible when it's usable.
* Features
- UI: add number of old messages to sidebar_format
- UI: support ISO 8601 calendar date
- UI: fix commands that don’t need to have a non-empty mailbox
to be valid
- PGP: inform about successful decryption of inline PGP
messages
- PGP: try to infer the signing key from the From address
- PGP: enable GPGMe by default
- Notmuch: use query as name for vfolder-from-query
- IMAP: add network traffic compression
(COMPRESS=DEFLATE, RFC4978)
- Header cache: add support for generic header cache
compression
* Bug Fixes
- Fix uncollapse_jump
- Only try to perform entire-thread on maildir/mh mailboxes
- Fix crash in pager
- Avoid logging single new lines at the end of header fields
- Fix listing mailboxes
- Do not recurse a non-threaded message
- Fix initial window order
- Fix leaks on IMAP error paths
- Notmuch: compose(attach-message): support notmuch backend
- Fix IMAP flag comparison code
- Fix $move for IMAP mailboxes
- Maildir: maildir_mbox_check_stats should only update mailbox
stats if requested
- Fix unmailboxes for virtual mailboxes
- Maildir: sanitize filename before hashing
- OAuth: if 'login' name isn't available use 'user'
- Add error message on failed encryption
- Fix a bunch of crashes
- Force C locale for email date
- Abort if run without a terminal
* Changed Config
- $crypt_use_gpgme - Now defaults to 'yes' (enabled)
- $abort_backspace - Hitting backspace against an empty prompt
aborts the prompt
- $abort_key - String representation of key to abort prompts
- $arrow_string - Use an custom string for arrow_cursor
- $crypt_opportunistic_encrypt_strong_keys - Enable encryption
only when strong a key is available
- $header_cache_compress_dictionary - Filepath to dictionary
for zstd compression
- $header_cache_compress_level - Level of compression for
method
- $header_cache_compress_method - Enable generic hcache
database compression
- $imap_deflate - Compress network traffic
- $smtp_user - Username for the SMTP server
* Translations
- 100% Lithuanian
- 81% Spanish
- 78% Russian
* Build
- Add libdebug
- Rename public headers to lib.h
- Create libcompress for compressed folders code
* Code
- Refactor Windows and Dialogs
- Lots of code tidying
- Refactor: mutt_addrlist_{search,write}
- Lots of improvements to the Config code
- Use Buffers more pervasively
- Unify API function naming
- Rename library shared headers
- Refactor libconn gui dependencies
- Refactor: init.[ch]
- Refactor config to use subsets
- Config: add path type
- Remove backend deps from the connection code
* Upstream
- Allow ~b ~B ~h patterns in send2-hook
- Rename smime oppenc mode parameter to get_keys_by_addr()
- Add $crypt_opportunistic_encrypt_strong_keys config var
- Fix crash when polling a closed ssl connection
- Turn off auto-clear outside of autocrypt initialization
- Add protected-headers='v1' to Content-Type when protecting
headers
- Fix segv in IMAP postponed menu caused by reopen_allow
- Adding ISO 8601 calendar date
- Fix $fcc_attach to not prompt in batch mode
- Convert remaining mutt_encode_path() call to use struct
Buffer
- Fix rendering of replacement_char when Charset_is_utf8
- Update to latest acutest.h
- Update to 20191207:
* Features:
- compose: draw status bar with highlights
* Bug Fixes:
- crash opening notmuch mailbox
- crash in mutt_autocrypt_ui_recommendation
- Avoid negative allocation
- Mbox new mail
- Setting of DT_MAILBOX type variables from Lua
- imap: empty cmdbuf before connecting
- imap: select the mailbox on reconnect
- compose: fix attach message
* Build:
- make files conditional
* Code:
- enum-ify log levels
- fix function prototypes
- refactor virtual email lookups
- factor out global Context
- Changes from 20191129:
* Features:
- Add raw mailsize expando (%cr)
* Bug Fixes:
- Avoid double question marks in bounce confirmation msg
- Fix bounce confirmation
- fix new-mail flags and behaviour
- fix: browser <descend-directory>
- fix ssl crash
- fix move to trash
- fix flickering
- Do not check hidden mailboxes for new mail
- Fix new_mail_command notifications
- fix crash in examine_mailboxes()
- fix crash in mutt_sort_threads()
- fix: crash after sending
- Fix crash in tunnel's conn_close
- fix fcc for deep dirs
- imap: fix crash when new mail arrives
- fix colour 'quoted9'
- quieten messages on exit
- fix: crash after failed mbox_check
- browser: default to a file/dir view when attaching a file
* Changed Config:
- Change $write_bcc to default off
* Docs:
- Add a bit more documentation about sending
- Clarify $write_bcc documentation.
- Update documentation for raw size expando
- docbook: set generate.consistent.ids to make generated html
reproducible
* Build:
- fix build/tests for 32-bit arches
- tests: fix test that would fail soon
- tests: fix context for failing idna tests
- Update to 20191111:
Bug fixes:
* browser: fix directory view
* fix crash in mutt_extract_token()
* force a screen refresh
* fix crash sending message from command line
* notmuch: use nm_default_uri if no mailbox data
* fix forward attachments
* fix: vfprintf undefined behaviour in body_handler
* Fix relative symlink resolution
* fix: trash to non-existent file/dir
* fix re-opening of mbox Mailboxes
* close logging as late as possible
* log unknown mailboxes
* fix crash in command line postpone
* fix memory leaks
* fix icommand parsing
* fix new mail interaction with mail_check_recent
Patchnames
openSUSE-2020-2127
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for neomutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for neomutt fixes the following issues:\n\nUpdate neomutt to 20201120. Address boo#1179035, CVE-2020-28896.\n\n * Security\n - imap: close connection on all failures\n * Features\n - alias: add function to Alias/Query dialogs\n - config: add validators for {imap,smtp,pop}_authenticators\n - config: warn when signature file is missing or not readable\n - smtp: support for native SMTP LOGIN auth mech\n - notmuch: show originating folder in index\n * Bug Fixes\n - sidebar: prevent the divider colour bleeding out\n - sidebar: fix \u003csidebar-{next,prev}-new\u003e\n - notmuch: fix query for current email\n - restore shutdown-hook functionality\n - crash in reply-to\n - user-after-free in folder-hook\n - fix some leaks\n - fix application of limits to modified mailboxes\n - write Date header when postponing\n * Translations\n - 100% Lithuanian\n - 100% Czech\n - 70% Turkish\n * Docs\n - Document that $sort_alias affects the query menu\n * Build\n - improve ASAN flags\n - add SASL and S/MIME to --everything\n - fix contrib (un)install\n * Code\n - my_hdr compose screen notifications\n - add contracts to the MXAPI\n - maildir refactoring\n - further reduce the use of global variables\n * Upstream\n - Add $count_alternatives to count attachments inside alternatives\n- Changes from 20200925\n * Features\n - Compose: display user-defined headers\n - Address Book / Query: live sorting\n - Address Book / Query: patterns for searching\n - Config: Add \u0027+=\u0027 and \u0027-=\u0027 operators for String Lists\n - Config: Add \u0027+=\u0027 operator for Strings\n - Allow postfix query \u0027:setenv NAME?\u0027 for env vars\n * Bug Fixes\n - Fix crash when searching with invalid regexes\n - Compose: Prevent infinite loop of send2-hooks\n - Fix sidebar on new/removed mailboxes\n - Restore indentation for named mailboxes\n - Prevent half-parsing an alias\n - Remove folder creation prompt for POP path\n - Show error if $message_cachedir doesn\u0027t point to a valid directory\n - Fix tracking LastDir in case of IMAP paths with Unicode characters\n - Make sure all mail gets applied the index limit\n - Add warnings to -Q query CLI option\n - Fix index tracking functionality\n * Changed Config\n - Add $compose_show_user_headers (yes)\n * Translations\n - 100% Czech\n - 100% Lithuanian\n - Split up usage strings\n * Build\n - Run shellcheck on hcachever.sh\n - Add the Address Sanitizer\n - Move compose files to lib under compose/\n - Move address config into libaddress\n - Update to latest acutest - fixes a memory leak in the unit tests\n * Code\n - Implement ARRAY API\n - Deglobalised the Config Sort functions\n - Refactor the Sidebar to be Event-Driven\n - Refactor the Color Event\n - Refactor the Commands list\n - Make ctx_update_tables private\n - Reduce the scope/deps of some Validator functions\n - Use the Email\u0027s IMAP UID instead of an increasing number as index\n - debug: log window focus\n- Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch.\n No longer needed.\n\n- Update to 20200821:\n * Bug Fixes\n - fix maildir flag generation\n - fix query notmuch if file is missing\n - notmuch: don\u0027t abort sync on error\n - fix type checking for send config variables\n * Changed Config\n - $sidebar_format - Use %D rather than %B for named mailboxes\n * Translations\n - 96% Lithuanian\n - 90% Polish\n- fix(sidebar): abbreviate/shorten what user sees\n\n- Fix sidebar mailbox name display problem. \n\n- Update to 20200814:\n * Notes\n - Add one-liner docs to config items\n See: neomutt -O -Q smart_wrap\n - Remove the built-in editor\n A large unused and unusable feature\n * Security\n - Add mitigation against DoS from thousands of parts\n boo#1179113\n * Features\n - Allow index-style searching in postpone menu\n - Open NeoMutt using a mailbox name\n - Add cd command to change the current working directory\n - Add tab-completion menu for patterns\n - Allow renaming existing mailboxes\n - Check for missing attachments in alternative parts\n - Add one-liner docs to config items\n * Bug Fixes\n - Fix logic in checking an empty From address\n - Fix Imap crash in cmd_parse_expunge()\n - Fix setting attributes with S-Lang\n - Fix: redrawing of $pager_index_lines\n - Fix progress percentage for syncing large mboxes\n - Fix sidebar drawing in presence of indentation + named mailboxes\n - Fix retrieval of drafts when \u0027postponed\u0027 is not in the mailboxes list\n - Do not add comments to address group terminators\n - Fix alias sorting for degenerate addresses\n - Fix attaching emails\n - Create directories for nonexistent file hcache case\n - Avoid creating mailboxes for failed subscribes\n - Fix crash if rejecting cert\n * Changed Config\n - Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed\n - Change default of $crypt_protected_headers_subject to \u0027...\u0027\n - Add default keybindings to history-up/down\n * Translations\n - 100% Czech\n - 100% Spanish\n * Build\n - Allow building against Lua 5.4\n - Fix when sqlite3.h is missing\n * Docs\n - Add a brief section on stty to the manual\n - Update section \u0027Terminal Keybindings\u0027 in the manual\n - Clarify PGP Pseudo-header S\u003cid\u003e duration\n * Code\n - Clean up String API\n - Make the Sidebar more independent\n - De-centralise the Config Variables\n - Refactor dialogs\n - Refactor: Help Bar generation\n - Make more APIs Context-free\n - Adjust the edata use in Maildir and Notmuch\n - Window refactoring\n - Convert libsend to use Config functions\n - Refactor notifications to reduce noise\n - Convert Keymaps to use STAILQ\n - Track currently selected email by msgid\n - Config: no backing global variable\n - Add events for key binding\n * Upstream\n - Fix imap postponed mailbox use-after-free error\n - Speed up thread sort when many long threads exist\n - Fix ~v tagging when switching to non-threaded sorting\n - Add message/global to the list of known \u0027message\u0027 types\n - Print progress meter when copying/saving tagged messages\n - Remove ansi formatting from autoview generated quoted replies\n - Change postpone mode to write Date header too\n - Unstuff format=flowed\n\n- Update to 20200626:\n * Bug Fixes\n - Avoid opening the same hcache file twice\n - Re-open Mailbox after folder-hook\n - Fix the matching of the spoolfile Mailbox\n - Fix link-thread to link all tagged emails\n * Changed Config\n - Add $tunnel_is_secure config, defaulting to true\n * Upstream\n - Don\u0027t check IMAP PREAUTH encryption if $tunnel is in use\n - Add recommendation to use $ssl_force_tls\n- Changes from 20200501:\n * Security\n - Abort GnuTLS certificate check if a cert in the chain is rejected\n CVE-2020-14154 boo#1172906\n - TLS: clear data after a starttls acknowledgement\n CVE-2020-14954 boo#1173197\n - Prevent possible IMAP MITM via PREAUTH response\n CVE-2020-14093 boo#1172935\n * Features\n - add config operations +=/-= for number,long\n - Address book has a comment field\n - Query menu has a comment field\n * Contrib\n sample.neomuttrc-starter: Do not echo prompted password\n * Bug Fixes\n - make \u0027news://\u0027 and \u0027nntp://\u0027 schemes interchangeable\n - Fix CRLF to LF conversion in base64 decoding\n - Double comma in query\n - compose: fix redraw after history\n - Crash inside empty query menu\n - mmdf: fix creating new mailbox\n - mh: fix creating new mailbox\n - mbox: error out when an mbox/mmdf is a pipe\n - Fix list-reply by correct parsing of List-Post headers\n - Decode references according to RFC2047\n - fix tagged message count\n - hcache: fix keylen not being considered when building the full key\n - sidebar: fix path comparison\n - Don\u0027t mess with the original pattern when running IMAP searches\n - Handle IMAP \u0027NO\u0027 resps by issuing a msg instead of failing badly\n - imap: use the connection delimiter if provided\n - Memory leaks\n * Changed Config\n - $alias_format default changed to include %c comment\n - $query_format default changed to include %e extra info\n * Translations\n - 100% Lithuanian\n - 84% French\n - Log the translation in use\n * Docs\n - Add missing commands unbind, unmacro to man pages\n * Build\n - Check size of long using LONG_MAX instead of __WORDSIZE\n - Allow ./configure to not record cflags\n - fix out-of-tree build\n - Avoid locating gdbm symbols in qdbm library\n * Code\n - Refactor unsafe TAILQ returns\n - add window notifications\n - flip negative ifs\n - Update to latest acutest.h\n - test: add store tests\n - test: add compression tests\n - graphviz: email\n - make more opcode info available\n - refactor: main_change_folder()\n - refactor: mutt_mailbox_next()\n - refactor: generate_body()\n - compress: add {min,max}_level to ComprOps\n - emphasise empty loops: \u0027// do nothing\u0027\n - prex: convert is_from() to use regex\n - Refactor IMAP\u0027s search routines\n\n- Update to 20200501:\n * Bug Fixes\n - Make sure buffers are initialized on error\n - fix(sidebar): use abbreviated path if possible\n * Translations\n - 100% Lithuanian\n * Docs\n - make header cache config more explicit\n- Changes from 20200424:\n * Bug Fixes\n - Fix history corruption\n - Handle pretty much anything in a URL query part\n - Correctly parse escaped characters in header phrases\n - Fix crash reading received header\n - Fix sidebar indentation\n - Avoid crashing on failure to parse an IMAP mailbox\n - Maildir: handle deleted emails correctly\n - Ensure OP_NULL is always first\n * Translations\n - 100% Czech\n * Build\n - cirrus: enable pcre2, make pkgconf a special case\n - Fix finding pcre2 w/o pkgconf\n - build: tdb.h needs size_t, bring it in with stddef.h\n- Changes from 20200417:\n * Features\n - Fluid layout for Compose Screen, see: vimeo.com/407231157\n - Trivial Database (TDB) header cache backend\n - RocksDB header cache backend\n - Add \u003csidebar-first\u003e and \u003csidebar-last\u003e functions\n * Bug Fixes\n - add error for CLI empty emails\n - Allow spaces and square brackets in paths\n - browser: fix hidden mailboxes\n - fix initial email display\n - notmuch: fix time window search.\n - fix resize bugs\n - notmuch: fix entire-thread: update current email pointer\n - sidebar: support indenting and shortening of names\n - Handle variables inside backticks in sidebar_whitelist\n - browser: fix mask regex error reporting\n * Translations\n - 100% Lithuanian\n - 99% Chinese (simplified)\n * Build\n - Use regexes for common parsing tasks: urls, dates\n - Add configure option --pcre2 -- Enable PCRE2 regular expressions\n - Add configure option --tdb -- Use TDB for the header cache\n - Add configure option --rocksdb -- Use RocksDB for the header cache\n - Create libstore (key/value backends)\n - Update to latest autosetup\n - Update to latest acutest.h\n - Rename doc/ directory to docs/\n - make: fix location of .Po dependency files\n - Change libcompress to be more universal\n - Fix test fails on \u044532\n - fix uidvalidity to unsigned 32-bit int\n * Code\n - Increase test coverage\n - Fix memory leaks\n - Fix null checks\n * Upstream\n - Buffer refactoring\n - Fix use-after-free in mutt_str_replace()\n - Clarify PGP Pseudo-header S\u003cid\u003e duration\n - Try to respect MUTT_QUIET for IMAP contexts too\n - Limit recurse depth when parsing mime messages\n\n- Update to 20200320:\n * Bug Fixes\n - Fix COLUMNS env var\n - Fix sync after delete\n - Fix crash in notmuch\n - Fix sidebar indent\n - Fix emptying trash\n - Fix command line sending\n - Fix reading large address lists\n - Resolve symlinks only when necessary\n * Translations\n - lithuania 100% Lithuanian\n - es 96% Spanish\n * Docs\n - Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output\n - Fix case of GPGME and SQLite\n * Build\n - Create libcompress (lz4, zlib, zstd)\n - Create libhistory\n - Create libbcache\n - Move zstrm to libconn\n * Code\n - Add more test coverage\n - Rename magic to type\n - Use mutt_file_fopen() on config variables\n - Change commands to use intptr_t for data\n\n- Update to 20200313:\n * Window layout\n - Sidebar is only visible when it\u0027s usable.\n * Features\n - UI: add number of old messages to sidebar_format\n - UI: support ISO 8601 calendar date\n - UI: fix commands that don\u2019t need to have a non-empty mailbox\n to be valid\n - PGP: inform about successful decryption of inline PGP\n messages\n - PGP: try to infer the signing key from the From address\n - PGP: enable GPGMe by default\n - Notmuch: use query as name for vfolder-from-query\n - IMAP: add network traffic compression\n (COMPRESS=DEFLATE, RFC4978)\n - Header cache: add support for generic header cache\n compression\n * Bug Fixes\n - Fix uncollapse_jump\n - Only try to perform entire-thread on maildir/mh mailboxes\n - Fix crash in pager\n - Avoid logging single new lines at the end of header fields\n - Fix listing mailboxes\n - Do not recurse a non-threaded message\n - Fix initial window order\n - Fix leaks on IMAP error paths\n - Notmuch: compose(attach-message): support notmuch backend\n - Fix IMAP flag comparison code\n - Fix $move for IMAP mailboxes\n - Maildir: maildir_mbox_check_stats should only update mailbox\n stats if requested\n - Fix unmailboxes for virtual mailboxes\n - Maildir: sanitize filename before hashing\n - OAuth: if \u0027login\u0027 name isn\u0027t available use \u0027user\u0027\n - Add error message on failed encryption\n - Fix a bunch of crashes\n - Force C locale for email date\n - Abort if run without a terminal\n * Changed Config\n - $crypt_use_gpgme - Now defaults to \u0027yes\u0027 (enabled)\n - $abort_backspace - Hitting backspace against an empty prompt\n aborts the prompt\n - $abort_key - String representation of key to abort prompts\n - $arrow_string - Use an custom string for arrow_cursor\n - $crypt_opportunistic_encrypt_strong_keys - Enable encryption\n only when strong a key is available\n - $header_cache_compress_dictionary - Filepath to dictionary\n for zstd compression\n - $header_cache_compress_level - Level of compression for\n method\n - $header_cache_compress_method - Enable generic hcache\n database compression\n - $imap_deflate - Compress network traffic\n - $smtp_user - Username for the SMTP server\n * Translations\n - 100% Lithuanian\n - 81% Spanish\n - 78% Russian\n * Build\n - Add libdebug\n - Rename public headers to lib.h\n - Create libcompress for compressed folders code\n * Code\n - Refactor Windows and Dialogs\n - Lots of code tidying\n - Refactor: mutt_addrlist_{search,write}\n - Lots of improvements to the Config code\n - Use Buffers more pervasively\n - Unify API function naming\n - Rename library shared headers\n - Refactor libconn gui dependencies\n - Refactor: init.[ch]\n - Refactor config to use subsets\n - Config: add path type\n - Remove backend deps from the connection code\n * Upstream\n - Allow ~b ~B ~h patterns in send2-hook\n - Rename smime oppenc mode parameter to get_keys_by_addr()\n - Add $crypt_opportunistic_encrypt_strong_keys config var\n - Fix crash when polling a closed ssl connection\n - Turn off auto-clear outside of autocrypt initialization\n - Add protected-headers=\u0027v1\u0027 to Content-Type when protecting\n headers\n - Fix segv in IMAP postponed menu caused by reopen_allow\n - Adding ISO 8601 calendar date\n - Fix $fcc_attach to not prompt in batch mode\n - Convert remaining mutt_encode_path() call to use struct\n Buffer\n - Fix rendering of replacement_char when Charset_is_utf8\n - Update to latest acutest.h\n\n- Update to 20191207:\n * Features:\n - compose: draw status bar with highlights\n * Bug Fixes:\n - crash opening notmuch mailbox\n - crash in mutt_autocrypt_ui_recommendation\n - Avoid negative allocation\n - Mbox new mail\n - Setting of DT_MAILBOX type variables from Lua\n - imap: empty cmdbuf before connecting\n - imap: select the mailbox on reconnect\n - compose: fix attach message\n * Build:\n - make files conditional\n * Code:\n - enum-ify log levels\n - fix function prototypes\n - refactor virtual email lookups\n - factor out global Context\n- Changes from 20191129:\n * Features:\n - Add raw mailsize expando (%cr)\n * Bug Fixes:\n - Avoid double question marks in bounce confirmation msg\n - Fix bounce confirmation\n - fix new-mail flags and behaviour\n - fix: browser \u003cdescend-directory\u003e\n - fix ssl crash\n - fix move to trash\n - fix flickering\n - Do not check hidden mailboxes for new mail\n - Fix new_mail_command notifications\n - fix crash in examine_mailboxes()\n - fix crash in mutt_sort_threads()\n - fix: crash after sending\n - Fix crash in tunnel\u0027s conn_close\n - fix fcc for deep dirs\n - imap: fix crash when new mail arrives\n - fix colour \u0027quoted9\u0027\n - quieten messages on exit\n - fix: crash after failed mbox_check\n - browser: default to a file/dir view when attaching a file\n * Changed Config:\n - Change $write_bcc to default off\n * Docs:\n - Add a bit more documentation about sending\n - Clarify $write_bcc documentation.\n - Update documentation for raw size expando\n - docbook: set generate.consistent.ids to make generated html\n reproducible\n * Build:\n - fix build/tests for 32-bit arches\n - tests: fix test that would fail soon\n - tests: fix context for failing idna tests\n\n- Update to 20191111:\n Bug fixes:\n * browser: fix directory view\n * fix crash in mutt_extract_token()\n * force a screen refresh\n * fix crash sending message from command line\n * notmuch: use nm_default_uri if no mailbox data\n * fix forward attachments\n * fix: vfprintf undefined behaviour in body_handler\n * Fix relative symlink resolution\n * fix: trash to non-existent file/dir\n * fix re-opening of mbox Mailboxes\n * close logging as late as possible\n * log unknown mailboxes\n * fix crash in command line postpone\n * fix memory leaks\n * fix icommand parsing\n * fix new mail interaction with mail_check_recent\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2127",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2127-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2127-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RDM45YGFPRPSTCQV554CQT4P74X6HNGI/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2127-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RDM45YGFPRPSTCQV554CQT4P74X6HNGI/"
},
{
"category": "self",
"summary": "SUSE Bug 1172906",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "self",
"summary": "SUSE Bug 1172935",
"url": "https://bugzilla.suse.com/1172935"
},
{
"category": "self",
"summary": "SUSE Bug 1173197",
"url": "https://bugzilla.suse.com/1173197"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14093 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14154 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14954 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for neomutt",
"tracking": {
"current_release_date": "2020-11-30T19:22:48Z",
"generator": {
"date": "2020-11-30T19:22:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2127-1",
"initial_release_date": "2020-11-30T19:22:48Z",
"revision_history": [
{
"date": "2020-11-30T19:22:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "neomutt-doc-20201120-lp152.2.3.1.noarch",
"product": {
"name": "neomutt-doc-20201120-lp152.2.3.1.noarch",
"product_id": "neomutt-doc-20201120-lp152.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20201120-lp152.2.3.1.noarch",
"product": {
"name": "neomutt-lang-20201120-lp152.2.3.1.noarch",
"product_id": "neomutt-lang-20201120-lp152.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-lp152.2.3.1.x86_64",
"product": {
"name": "neomutt-20201120-lp152.2.3.1.x86_64",
"product_id": "neomutt-20201120-lp152.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64"
},
"product_reference": "neomutt-20201120-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20201120-lp152.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch"
},
"product_reference": "neomutt-doc-20201120-lp152.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20201120-lp152.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch"
},
"product_reference": "neomutt-lang-20201120-lp152.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64"
},
"product_reference": "neomutt-20201120-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20201120-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch"
},
"product_reference": "neomutt-doc-20201120-lp152.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20201120-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
},
"product_reference": "neomutt-lang-20201120-lp152.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14093"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14093",
"url": "https://www.suse.com/security/cve/CVE-2020-14093"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-30T19:22:48Z",
"details": "important"
}
],
"title": "CVE-2020-14093"
},
{
"cve": "CVE-2020-14154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14154"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14154",
"url": "https://www.suse.com/security/cve/CVE-2020-14154"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-30T19:22:48Z",
"details": "important"
}
],
"title": "CVE-2020-14154"
},
{
"cve": "CVE-2020-14954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14954"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14954",
"url": "https://www.suse.com/security/cve/CVE-2020-14954"
},
{
"category": "external",
"summary": "SUSE Bug 1173197 for CVE-2020-14954",
"url": "https://bugzilla.suse.com/1173197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-30T19:22:48Z",
"details": "important"
}
],
"title": "CVE-2020-14954"
},
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.1:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.1:neomutt-lang-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-20201120-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:neomutt-doc-20201120-lp152.2.3.1.noarch",
"openSUSE Leap 15.2:neomutt-lang-20201120-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-30T19:22:48Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
OPENSUSE-SU-2020:2141-1
Vulnerability from csaf_opensuse - Published: 2020-12-01 17:07 - Updated: 2020-12-01 17:07Summary
Security update for mutt
Notes
Title of the patch
Security update for mutt
Description of the patch
This update for mutt fixes the following issues:
- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-2141
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mutt fixes the following issues:\n\n- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)\n- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2141",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2141-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2141-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RYE5B2QAZHGR4OUGARLIROGTKWRSGYPL/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2141-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RYE5B2QAZHGR4OUGARLIROGTKWRSGYPL/"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for mutt",
"tracking": {
"current_release_date": "2020-12-01T17:07:44Z",
"generator": {
"date": "2020-12-01T17:07:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2141-1",
"initial_release_date": "2020-12-01T17:07:44Z",
"revision_history": [
{
"date": "2020-12-01T17:07:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mutt-doc-1.10.1-lp152.3.6.1.noarch",
"product": {
"name": "mutt-doc-1.10.1-lp152.3.6.1.noarch",
"product_id": "mutt-doc-1.10.1-lp152.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "mutt-lang-1.10.1-lp152.3.6.1.noarch",
"product": {
"name": "mutt-lang-1.10.1-lp152.3.6.1.noarch",
"product_id": "mutt-lang-1.10.1-lp152.3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-lp152.3.6.1.x86_64",
"product": {
"name": "mutt-1.10.1-lp152.3.6.1.x86_64",
"product_id": "mutt-1.10.1-lp152.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-lp152.3.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mutt-1.10.1-lp152.3.6.1.x86_64"
},
"product_reference": "mutt-1.10.1-lp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-lp152.3.6.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mutt-doc-1.10.1-lp152.3.6.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-lp152.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-lp152.3.6.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mutt-lang-1.10.1-lp152.3.6.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-lp152.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:mutt-1.10.1-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:mutt-doc-1.10.1-lp152.3.6.1.noarch",
"openSUSE Leap 15.2:mutt-lang-1.10.1-lp152.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:mutt-1.10.1-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:mutt-doc-1.10.1-lp152.3.6.1.noarch",
"openSUSE Leap 15.2:mutt-lang-1.10.1-lp152.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:mutt-1.10.1-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:mutt-doc-1.10.1-lp152.3.6.1.noarch",
"openSUSE Leap 15.2:mutt-lang-1.10.1-lp152.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-01T17:07:44Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
OPENSUSE-SU-2020:2128-1
Vulnerability from csaf_opensuse - Published: 2020-12-01 00:42 - Updated: 2020-12-01 00:42Summary
Security update for mutt
Notes
Title of the patch
Security update for mutt
Description of the patch
This update for mutt fixes the following issues:
- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-2128
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mutt fixes the following issues:\n\n- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)\n- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2128",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2128-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2128-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDEIF6HZ3PYQV7UDRJUX7FTYYPTVCBVB/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2128-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDEIF6HZ3PYQV7UDRJUX7FTYYPTVCBVB/"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for mutt",
"tracking": {
"current_release_date": "2020-12-01T00:42:22Z",
"generator": {
"date": "2020-12-01T00:42:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2128-1",
"initial_release_date": "2020-12-01T00:42:22Z",
"revision_history": [
{
"date": "2020-12-01T00:42:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mutt-doc-1.10.1-lp151.2.6.1.noarch",
"product": {
"name": "mutt-doc-1.10.1-lp151.2.6.1.noarch",
"product_id": "mutt-doc-1.10.1-lp151.2.6.1.noarch"
}
},
{
"category": "product_version",
"name": "mutt-lang-1.10.1-lp151.2.6.1.noarch",
"product": {
"name": "mutt-lang-1.10.1-lp151.2.6.1.noarch",
"product_id": "mutt-lang-1.10.1-lp151.2.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-1.10.1-lp151.2.6.1.x86_64",
"product": {
"name": "mutt-1.10.1-lp151.2.6.1.x86_64",
"product_id": "mutt-1.10.1-lp151.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-1.10.1-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mutt-1.10.1-lp151.2.6.1.x86_64"
},
"product_reference": "mutt-1.10.1-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-1.10.1-lp151.2.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mutt-doc-1.10.1-lp151.2.6.1.noarch"
},
"product_reference": "mutt-doc-1.10.1-lp151.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-1.10.1-lp151.2.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mutt-lang-1.10.1-lp151.2.6.1.noarch"
},
"product_reference": "mutt-lang-1.10.1-lp151.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:mutt-1.10.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:mutt-doc-1.10.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:mutt-lang-1.10.1-lp151.2.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:mutt-1.10.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:mutt-doc-1.10.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:mutt-lang-1.10.1-lp151.2.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:mutt-1.10.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:mutt-doc-1.10.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:mutt-lang-1.10.1-lp151.2.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-01T00:42:22Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
OPENSUSE-SU-2020:2157-1
Vulnerability from csaf_opensuse - Published: 2020-12-04 09:23 - Updated: 2020-12-04 09:23Summary
Security update for neomutt
Notes
Title of the patch
Security update for neomutt
Description of the patch
This update for neomutt fixes the following issues:
Update neomutt to 20201120. Address boo#1179035, CVE-2020-28896.
* Security
- imap: close connection on all failures
* Features
- alias: add function to Alias/Query dialogs
- config: add validators for {imap,smtp,pop}_authenticators
- config: warn when signature file is missing or not readable
- smtp: support for native SMTP LOGIN auth mech
- notmuch: show originating folder in index
* Bug Fixes
- sidebar: prevent the divider colour bleeding out
- sidebar: fix <sidebar-{next,prev}-new>
- notmuch: fix query for current email
- restore shutdown-hook functionality
- crash in reply-to
- user-after-free in folder-hook
- fix some leaks
- fix application of limits to modified mailboxes
- write Date header when postponing
* Translations
- 100% Lithuanian
- 100% Czech
- 70% Turkish
* Docs
- Document that $sort_alias affects the query menu
* Build
- improve ASAN flags
- add SASL and S/MIME to --everything
- fix contrib (un)install
* Code
- my_hdr compose screen notifications
- add contracts to the MXAPI
- maildir refactoring
- further reduce the use of global variables
* Upstream
- Add $count_alternatives to count attachments inside alternatives
- Changes from 20200925
* Features
- Compose: display user-defined headers
- Address Book / Query: live sorting
- Address Book / Query: patterns for searching
- Config: Add '+=' and '-=' operators for String Lists
- Config: Add '+=' operator for Strings
- Allow postfix query ':setenv NAME?' for env vars
* Bug Fixes
- Fix crash when searching with invalid regexes
- Compose: Prevent infinite loop of send2-hooks
- Fix sidebar on new/removed mailboxes
- Restore indentation for named mailboxes
- Prevent half-parsing an alias
- Remove folder creation prompt for POP path
- Show error if $message_cachedir doesn't point to a valid directory
- Fix tracking LastDir in case of IMAP paths with Unicode characters
- Make sure all mail gets applied the index limit
- Add warnings to -Q query CLI option
- Fix index tracking functionality
* Changed Config
- Add $compose_show_user_headers (yes)
* Translations
- 100% Czech
- 100% Lithuanian
- Split up usage strings
* Build
- Run shellcheck on hcachever.sh
- Add the Address Sanitizer
- Move compose files to lib under compose/
- Move address config into libaddress
- Update to latest acutest - fixes a memory leak in the unit tests
* Code
- Implement ARRAY API
- Deglobalised the Config Sort functions
- Refactor the Sidebar to be Event-Driven
- Refactor the Color Event
- Refactor the Commands list
- Make ctx_update_tables private
- Reduce the scope/deps of some Validator functions
- Use the Email's IMAP UID instead of an increasing number as index
- debug: log window focus
- Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch.
No longer needed.
- Update to 20200821:
* Bug Fixes
- fix maildir flag generation
- fix query notmuch if file is missing
- notmuch: don't abort sync on error
- fix type checking for send config variables
* Changed Config
- $sidebar_format - Use %D rather than %B for named mailboxes
* Translations
- 96% Lithuanian
- 90% Polish
- fix(sidebar): abbreviate/shorten what user sees
- Fix sidebar mailbox name display problem.
- Update to 20200814:
* Notes
- Add one-liner docs to config items
See: neomutt -O -Q smart_wrap
- Remove the built-in editor
A large unused and unusable feature
* Security
- Add mitigation against DoS from thousands of parts
boo#1179113
* Features
- Allow index-style searching in postpone menu
- Open NeoMutt using a mailbox name
- Add cd command to change the current working directory
- Add tab-completion menu for patterns
- Allow renaming existing mailboxes
- Check for missing attachments in alternative parts
- Add one-liner docs to config items
* Bug Fixes
- Fix logic in checking an empty From address
- Fix Imap crash in cmd_parse_expunge()
- Fix setting attributes with S-Lang
- Fix: redrawing of $pager_index_lines
- Fix progress percentage for syncing large mboxes
- Fix sidebar drawing in presence of indentation + named mailboxes
- Fix retrieval of drafts when 'postponed' is not in the mailboxes list
- Do not add comments to address group terminators
- Fix alias sorting for degenerate addresses
- Fix attaching emails
- Create directories for nonexistent file hcache case
- Avoid creating mailboxes for failed subscribes
- Fix crash if rejecting cert
* Changed Config
- Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed
- Change default of $crypt_protected_headers_subject to '...'
- Add default keybindings to history-up/down
* Translations
- 100% Czech
- 100% Spanish
* Build
- Allow building against Lua 5.4
- Fix when sqlite3.h is missing
* Docs
- Add a brief section on stty to the manual
- Update section 'Terminal Keybindings' in the manual
- Clarify PGP Pseudo-header S<id> duration
* Code
- Clean up String API
- Make the Sidebar more independent
- De-centralise the Config Variables
- Refactor dialogs
- Refactor: Help Bar generation
- Make more APIs Context-free
- Adjust the edata use in Maildir and Notmuch
- Window refactoring
- Convert libsend to use Config functions
- Refactor notifications to reduce noise
- Convert Keymaps to use STAILQ
- Track currently selected email by msgid
- Config: no backing global variable
- Add events for key binding
* Upstream
- Fix imap postponed mailbox use-after-free error
- Speed up thread sort when many long threads exist
- Fix ~v tagging when switching to non-threaded sorting
- Add message/global to the list of known 'message' types
- Print progress meter when copying/saving tagged messages
- Remove ansi formatting from autoview generated quoted replies
- Change postpone mode to write Date header too
- Unstuff format=flowed
- Update to 20200626:
* Bug Fixes
- Avoid opening the same hcache file twice
- Re-open Mailbox after folder-hook
- Fix the matching of the spoolfile Mailbox
- Fix link-thread to link all tagged emails
* Changed Config
- Add $tunnel_is_secure config, defaulting to true
* Upstream
- Don't check IMAP PREAUTH encryption if $tunnel is in use
- Add recommendation to use $ssl_force_tls
- Changes from 20200501:
* Security
- Abort GnuTLS certificate check if a cert in the chain is rejected
CVE-2020-14154 boo#1172906
- TLS: clear data after a starttls acknowledgement
CVE-2020-14954 boo#1173197
- Prevent possible IMAP MITM via PREAUTH response
CVE-2020-14093 boo#1172935
* Features
- add config operations +=/-= for number,long
- Address book has a comment field
- Query menu has a comment field
* Contrib
sample.neomuttrc-starter: Do not echo prompted password
* Bug Fixes
- make 'news://' and 'nntp://' schemes interchangeable
- Fix CRLF to LF conversion in base64 decoding
- Double comma in query
- compose: fix redraw after history
- Crash inside empty query menu
- mmdf: fix creating new mailbox
- mh: fix creating new mailbox
- mbox: error out when an mbox/mmdf is a pipe
- Fix list-reply by correct parsing of List-Post headers
- Decode references according to RFC2047
- fix tagged message count
- hcache: fix keylen not being considered when building the full key
- sidebar: fix path comparison
- Don't mess with the original pattern when running IMAP searches
- Handle IMAP 'NO' resps by issuing a msg instead of failing badly
- imap: use the connection delimiter if provided
- Memory leaks
* Changed Config
- $alias_format default changed to include %c comment
- $query_format default changed to include %e extra info
* Translations
- 100% Lithuanian
- 84% French
- Log the translation in use
* Docs
- Add missing commands unbind, unmacro to man pages
* Build
- Check size of long using LONG_MAX instead of __WORDSIZE
- Allow ./configure to not record cflags
- fix out-of-tree build
- Avoid locating gdbm symbols in qdbm library
* Code
- Refactor unsafe TAILQ returns
- add window notifications
- flip negative ifs
- Update to latest acutest.h
- test: add store tests
- test: add compression tests
- graphviz: email
- make more opcode info available
- refactor: main_change_folder()
- refactor: mutt_mailbox_next()
- refactor: generate_body()
- compress: add {min,max}_level to ComprOps
- emphasise empty loops: '// do nothing'
- prex: convert is_from() to use regex
- Refactor IMAP's search routines
- Update to 20200501:
* Bug Fixes
- Make sure buffers are initialized on error
- fix(sidebar): use abbreviated path if possible
* Translations
- 100% Lithuanian
* Docs
- make header cache config more explicit
- Changes from 20200424:
* Bug Fixes
- Fix history corruption
- Handle pretty much anything in a URL query part
- Correctly parse escaped characters in header phrases
- Fix crash reading received header
- Fix sidebar indentation
- Avoid crashing on failure to parse an IMAP mailbox
- Maildir: handle deleted emails correctly
- Ensure OP_NULL is always first
* Translations
- 100% Czech
* Build
- cirrus: enable pcre2, make pkgconf a special case
- Fix finding pcre2 w/o pkgconf
- build: tdb.h needs size_t, bring it in with stddef.h
- Changes from 20200417:
* Features
- Fluid layout for Compose Screen, see: vimeo.com/407231157
- Trivial Database (TDB) header cache backend
- RocksDB header cache backend
- Add <sidebar-first> and <sidebar-last> functions
* Bug Fixes
- add error for CLI empty emails
- Allow spaces and square brackets in paths
- browser: fix hidden mailboxes
- fix initial email display
- notmuch: fix time window search.
- fix resize bugs
- notmuch: fix entire-thread: update current email pointer
- sidebar: support indenting and shortening of names
- Handle variables inside backticks in sidebar_whitelist
- browser: fix mask regex error reporting
* Translations
- 100% Lithuanian
- 99% Chinese (simplified)
* Build
- Use regexes for common parsing tasks: urls, dates
- Add configure option --pcre2 -- Enable PCRE2 regular expressions
- Add configure option --tdb -- Use TDB for the header cache
- Add configure option --rocksdb -- Use RocksDB for the header cache
- Create libstore (key/value backends)
- Update to latest autosetup
- Update to latest acutest.h
- Rename doc/ directory to docs/
- make: fix location of .Po dependency files
- Change libcompress to be more universal
- Fix test fails on х32
- fix uidvalidity to unsigned 32-bit int
* Code
- Increase test coverage
- Fix memory leaks
- Fix null checks
* Upstream
- Buffer refactoring
- Fix use-after-free in mutt_str_replace()
- Clarify PGP Pseudo-header S<id> duration
- Try to respect MUTT_QUIET for IMAP contexts too
- Limit recurse depth when parsing mime messages
- Update to 20200320:
* Bug Fixes
- Fix COLUMNS env var
- Fix sync after delete
- Fix crash in notmuch
- Fix sidebar indent
- Fix emptying trash
- Fix command line sending
- Fix reading large address lists
- Resolve symlinks only when necessary
* Translations
- lithuania 100% Lithuanian
- es 96% Spanish
* Docs
- Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output
- Fix case of GPGME and SQLite
* Build
- Create libcompress (lz4, zlib, zstd)
- Create libhistory
- Create libbcache
- Move zstrm to libconn
* Code
- Add more test coverage
- Rename magic to type
- Use mutt_file_fopen() on config variables
- Change commands to use intptr_t for data
- Update to 20200313:
* Window layout
- Sidebar is only visible when it's usable.
* Features
- UI: add number of old messages to sidebar_format
- UI: support ISO 8601 calendar date
- UI: fix commands that don’t need to have a non-empty mailbox
to be valid
- PGP: inform about successful decryption of inline PGP
messages
- PGP: try to infer the signing key from the From address
- PGP: enable GPGMe by default
- Notmuch: use query as name for vfolder-from-query
- IMAP: add network traffic compression
(COMPRESS=DEFLATE, RFC4978)
- Header cache: add support for generic header cache
compression
* Bug Fixes
- Fix uncollapse_jump
- Only try to perform entire-thread on maildir/mh mailboxes
- Fix crash in pager
- Avoid logging single new lines at the end of header fields
- Fix listing mailboxes
- Do not recurse a non-threaded message
- Fix initial window order
- Fix leaks on IMAP error paths
- Notmuch: compose(attach-message): support notmuch backend
- Fix IMAP flag comparison code
- Fix $move for IMAP mailboxes
- Maildir: maildir_mbox_check_stats should only update mailbox
stats if requested
- Fix unmailboxes for virtual mailboxes
- Maildir: sanitize filename before hashing
- OAuth: if 'login' name isn't available use 'user'
- Add error message on failed encryption
- Fix a bunch of crashes
- Force C locale for email date
- Abort if run without a terminal
* Changed Config
- $crypt_use_gpgme - Now defaults to 'yes' (enabled)
- $abort_backspace - Hitting backspace against an empty prompt
aborts the prompt
- $abort_key - String representation of key to abort prompts
- $arrow_string - Use an custom string for arrow_cursor
- $crypt_opportunistic_encrypt_strong_keys - Enable encryption
only when strong a key is available
- $header_cache_compress_dictionary - Filepath to dictionary
for zstd compression
- $header_cache_compress_level - Level of compression for
method
- $header_cache_compress_method - Enable generic hcache
database compression
- $imap_deflate - Compress network traffic
- $smtp_user - Username for the SMTP server
* Translations
- 100% Lithuanian
- 81% Spanish
- 78% Russian
* Build
- Add libdebug
- Rename public headers to lib.h
- Create libcompress for compressed folders code
* Code
- Refactor Windows and Dialogs
- Lots of code tidying
- Refactor: mutt_addrlist_{search,write}
- Lots of improvements to the Config code
- Use Buffers more pervasively
- Unify API function naming
- Rename library shared headers
- Refactor libconn gui dependencies
- Refactor: init.[ch]
- Refactor config to use subsets
- Config: add path type
- Remove backend deps from the connection code
* Upstream
- Allow ~b ~B ~h patterns in send2-hook
- Rename smime oppenc mode parameter to get_keys_by_addr()
- Add $crypt_opportunistic_encrypt_strong_keys config var
- Fix crash when polling a closed ssl connection
- Turn off auto-clear outside of autocrypt initialization
- Add protected-headers='v1' to Content-Type when protecting
headers
- Fix segv in IMAP postponed menu caused by reopen_allow
- Adding ISO 8601 calendar date
- Fix $fcc_attach to not prompt in batch mode
- Convert remaining mutt_encode_path() call to use struct
Buffer
- Fix rendering of replacement_char when Charset_is_utf8
- Update to latest acutest.h
- Update to 20191207:
* Features:
- compose: draw status bar with highlights
* Bug Fixes:
- crash opening notmuch mailbox
- crash in mutt_autocrypt_ui_recommendation
- Avoid negative allocation
- Mbox new mail
- Setting of DT_MAILBOX type variables from Lua
- imap: empty cmdbuf before connecting
- imap: select the mailbox on reconnect
- compose: fix attach message
* Build:
- make files conditional
* Code:
- enum-ify log levels
- fix function prototypes
- refactor virtual email lookups
- factor out global Context
- Changes from 20191129:
* Features:
- Add raw mailsize expando (%cr)
* Bug Fixes:
- Avoid double question marks in bounce confirmation msg
- Fix bounce confirmation
- fix new-mail flags and behaviour
- fix: browser <descend-directory>
- fix ssl crash
- fix move to trash
- fix flickering
- Do not check hidden mailboxes for new mail
- Fix new_mail_command notifications
- fix crash in examine_mailboxes()
- fix crash in mutt_sort_threads()
- fix: crash after sending
- Fix crash in tunnel's conn_close
- fix fcc for deep dirs
- imap: fix crash when new mail arrives
- fix colour 'quoted9'
- quieten messages on exit
- fix: crash after failed mbox_check
- browser: default to a file/dir view when attaching a file
* Changed Config:
- Change $write_bcc to default off
* Docs:
- Add a bit more documentation about sending
- Clarify $write_bcc documentation.
- Update documentation for raw size expando
- docbook: set generate.consistent.ids to make generated html
reproducible
* Build:
- fix build/tests for 32-bit arches
- tests: fix test that would fail soon
- tests: fix context for failing idna tests
- Update to 20191111:
Bug fixes:
* browser: fix directory view
* fix crash in mutt_extract_token()
* force a screen refresh
* fix crash sending message from command line
* notmuch: use nm_default_uri if no mailbox data
* fix forward attachments
* fix: vfprintf undefined behaviour in body_handler
* Fix relative symlink resolution
* fix: trash to non-existent file/dir
* fix re-opening of mbox Mailboxes
* close logging as late as possible
* log unknown mailboxes
* fix crash in command line postpone
* fix memory leaks
* fix icommand parsing
* fix new mail interaction with mail_check_recent
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-2157
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for neomutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for neomutt fixes the following issues:\n\nUpdate neomutt to 20201120. Address boo#1179035, CVE-2020-28896.\n\n * Security\n - imap: close connection on all failures\n * Features\n - alias: add function to Alias/Query dialogs\n - config: add validators for {imap,smtp,pop}_authenticators\n - config: warn when signature file is missing or not readable\n - smtp: support for native SMTP LOGIN auth mech\n - notmuch: show originating folder in index\n * Bug Fixes\n - sidebar: prevent the divider colour bleeding out\n - sidebar: fix \u003csidebar-{next,prev}-new\u003e\n - notmuch: fix query for current email\n - restore shutdown-hook functionality\n - crash in reply-to\n - user-after-free in folder-hook\n - fix some leaks\n - fix application of limits to modified mailboxes\n - write Date header when postponing\n * Translations\n - 100% Lithuanian\n - 100% Czech\n - 70% Turkish\n * Docs\n - Document that $sort_alias affects the query menu\n * Build\n - improve ASAN flags\n - add SASL and S/MIME to --everything\n - fix contrib (un)install\n * Code\n - my_hdr compose screen notifications\n - add contracts to the MXAPI\n - maildir refactoring\n - further reduce the use of global variables\n * Upstream\n - Add $count_alternatives to count attachments inside alternatives\n- Changes from 20200925\n * Features\n - Compose: display user-defined headers\n - Address Book / Query: live sorting\n - Address Book / Query: patterns for searching\n - Config: Add \u0027+=\u0027 and \u0027-=\u0027 operators for String Lists\n - Config: Add \u0027+=\u0027 operator for Strings\n - Allow postfix query \u0027:setenv NAME?\u0027 for env vars\n * Bug Fixes\n - Fix crash when searching with invalid regexes\n - Compose: Prevent infinite loop of send2-hooks\n - Fix sidebar on new/removed mailboxes\n - Restore indentation for named mailboxes\n - Prevent half-parsing an alias\n - Remove folder creation prompt for POP path\n - Show error if $message_cachedir doesn\u0027t point to a valid directory\n - Fix tracking LastDir in case of IMAP paths with Unicode characters\n - Make sure all mail gets applied the index limit\n - Add warnings to -Q query CLI option\n - Fix index tracking functionality\n * Changed Config\n - Add $compose_show_user_headers (yes)\n * Translations\n - 100% Czech\n - 100% Lithuanian\n - Split up usage strings\n * Build\n - Run shellcheck on hcachever.sh\n - Add the Address Sanitizer\n - Move compose files to lib under compose/\n - Move address config into libaddress\n - Update to latest acutest - fixes a memory leak in the unit tests\n * Code\n - Implement ARRAY API\n - Deglobalised the Config Sort functions\n - Refactor the Sidebar to be Event-Driven\n - Refactor the Color Event\n - Refactor the Commands list\n - Make ctx_update_tables private\n - Reduce the scope/deps of some Validator functions\n - Use the Email\u0027s IMAP UID instead of an increasing number as index\n - debug: log window focus\n- Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch.\n No longer needed.\n\n- Update to 20200821:\n * Bug Fixes\n - fix maildir flag generation\n - fix query notmuch if file is missing\n - notmuch: don\u0027t abort sync on error\n - fix type checking for send config variables\n * Changed Config\n - $sidebar_format - Use %D rather than %B for named mailboxes\n * Translations\n - 96% Lithuanian\n - 90% Polish\n- fix(sidebar): abbreviate/shorten what user sees\n\n- Fix sidebar mailbox name display problem. \n\n- Update to 20200814:\n * Notes\n - Add one-liner docs to config items\n See: neomutt -O -Q smart_wrap\n - Remove the built-in editor\n A large unused and unusable feature\n * Security\n - Add mitigation against DoS from thousands of parts\n boo#1179113\n * Features\n - Allow index-style searching in postpone menu\n - Open NeoMutt using a mailbox name\n - Add cd command to change the current working directory\n - Add tab-completion menu for patterns\n - Allow renaming existing mailboxes\n - Check for missing attachments in alternative parts\n - Add one-liner docs to config items\n * Bug Fixes\n - Fix logic in checking an empty From address\n - Fix Imap crash in cmd_parse_expunge()\n - Fix setting attributes with S-Lang\n - Fix: redrawing of $pager_index_lines\n - Fix progress percentage for syncing large mboxes\n - Fix sidebar drawing in presence of indentation + named mailboxes\n - Fix retrieval of drafts when \u0027postponed\u0027 is not in the mailboxes list\n - Do not add comments to address group terminators\n - Fix alias sorting for degenerate addresses\n - Fix attaching emails\n - Create directories for nonexistent file hcache case\n - Avoid creating mailboxes for failed subscribes\n - Fix crash if rejecting cert\n * Changed Config\n - Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed\n - Change default of $crypt_protected_headers_subject to \u0027...\u0027\n - Add default keybindings to history-up/down\n * Translations\n - 100% Czech\n - 100% Spanish\n * Build\n - Allow building against Lua 5.4\n - Fix when sqlite3.h is missing\n * Docs\n - Add a brief section on stty to the manual\n - Update section \u0027Terminal Keybindings\u0027 in the manual\n - Clarify PGP Pseudo-header S\u003cid\u003e duration\n * Code\n - Clean up String API\n - Make the Sidebar more independent\n - De-centralise the Config Variables\n - Refactor dialogs\n - Refactor: Help Bar generation\n - Make more APIs Context-free\n - Adjust the edata use in Maildir and Notmuch\n - Window refactoring\n - Convert libsend to use Config functions\n - Refactor notifications to reduce noise\n - Convert Keymaps to use STAILQ\n - Track currently selected email by msgid\n - Config: no backing global variable\n - Add events for key binding\n * Upstream\n - Fix imap postponed mailbox use-after-free error\n - Speed up thread sort when many long threads exist\n - Fix ~v tagging when switching to non-threaded sorting\n - Add message/global to the list of known \u0027message\u0027 types\n - Print progress meter when copying/saving tagged messages\n - Remove ansi formatting from autoview generated quoted replies\n - Change postpone mode to write Date header too\n - Unstuff format=flowed\n\n- Update to 20200626:\n * Bug Fixes\n - Avoid opening the same hcache file twice\n - Re-open Mailbox after folder-hook\n - Fix the matching of the spoolfile Mailbox\n - Fix link-thread to link all tagged emails\n * Changed Config\n - Add $tunnel_is_secure config, defaulting to true\n * Upstream\n - Don\u0027t check IMAP PREAUTH encryption if $tunnel is in use\n - Add recommendation to use $ssl_force_tls\n- Changes from 20200501:\n * Security\n - Abort GnuTLS certificate check if a cert in the chain is rejected\n CVE-2020-14154 boo#1172906\n - TLS: clear data after a starttls acknowledgement\n CVE-2020-14954 boo#1173197\n - Prevent possible IMAP MITM via PREAUTH response\n CVE-2020-14093 boo#1172935\n * Features\n - add config operations +=/-= for number,long\n - Address book has a comment field\n - Query menu has a comment field\n * Contrib\n sample.neomuttrc-starter: Do not echo prompted password\n * Bug Fixes\n - make \u0027news://\u0027 and \u0027nntp://\u0027 schemes interchangeable\n - Fix CRLF to LF conversion in base64 decoding\n - Double comma in query\n - compose: fix redraw after history\n - Crash inside empty query menu\n - mmdf: fix creating new mailbox\n - mh: fix creating new mailbox\n - mbox: error out when an mbox/mmdf is a pipe\n - Fix list-reply by correct parsing of List-Post headers\n - Decode references according to RFC2047\n - fix tagged message count\n - hcache: fix keylen not being considered when building the full key\n - sidebar: fix path comparison\n - Don\u0027t mess with the original pattern when running IMAP searches\n - Handle IMAP \u0027NO\u0027 resps by issuing a msg instead of failing badly\n - imap: use the connection delimiter if provided\n - Memory leaks\n * Changed Config\n - $alias_format default changed to include %c comment\n - $query_format default changed to include %e extra info\n * Translations\n - 100% Lithuanian\n - 84% French\n - Log the translation in use\n * Docs\n - Add missing commands unbind, unmacro to man pages\n * Build\n - Check size of long using LONG_MAX instead of __WORDSIZE\n - Allow ./configure to not record cflags\n - fix out-of-tree build\n - Avoid locating gdbm symbols in qdbm library\n * Code\n - Refactor unsafe TAILQ returns\n - add window notifications\n - flip negative ifs\n - Update to latest acutest.h\n - test: add store tests\n - test: add compression tests\n - graphviz: email\n - make more opcode info available\n - refactor: main_change_folder()\n - refactor: mutt_mailbox_next()\n - refactor: generate_body()\n - compress: add {min,max}_level to ComprOps\n - emphasise empty loops: \u0027// do nothing\u0027\n - prex: convert is_from() to use regex\n - Refactor IMAP\u0027s search routines\n\n- Update to 20200501:\n * Bug Fixes\n - Make sure buffers are initialized on error\n - fix(sidebar): use abbreviated path if possible\n * Translations\n - 100% Lithuanian\n * Docs\n - make header cache config more explicit\n- Changes from 20200424:\n * Bug Fixes\n - Fix history corruption\n - Handle pretty much anything in a URL query part\n - Correctly parse escaped characters in header phrases\n - Fix crash reading received header\n - Fix sidebar indentation\n - Avoid crashing on failure to parse an IMAP mailbox\n - Maildir: handle deleted emails correctly\n - Ensure OP_NULL is always first\n * Translations\n - 100% Czech\n * Build\n - cirrus: enable pcre2, make pkgconf a special case\n - Fix finding pcre2 w/o pkgconf\n - build: tdb.h needs size_t, bring it in with stddef.h\n- Changes from 20200417:\n * Features\n - Fluid layout for Compose Screen, see: vimeo.com/407231157\n - Trivial Database (TDB) header cache backend\n - RocksDB header cache backend\n - Add \u003csidebar-first\u003e and \u003csidebar-last\u003e functions\n * Bug Fixes\n - add error for CLI empty emails\n - Allow spaces and square brackets in paths\n - browser: fix hidden mailboxes\n - fix initial email display\n - notmuch: fix time window search.\n - fix resize bugs\n - notmuch: fix entire-thread: update current email pointer\n - sidebar: support indenting and shortening of names\n - Handle variables inside backticks in sidebar_whitelist\n - browser: fix mask regex error reporting\n * Translations\n - 100% Lithuanian\n - 99% Chinese (simplified)\n * Build\n - Use regexes for common parsing tasks: urls, dates\n - Add configure option --pcre2 -- Enable PCRE2 regular expressions\n - Add configure option --tdb -- Use TDB for the header cache\n - Add configure option --rocksdb -- Use RocksDB for the header cache\n - Create libstore (key/value backends)\n - Update to latest autosetup\n - Update to latest acutest.h\n - Rename doc/ directory to docs/\n - make: fix location of .Po dependency files\n - Change libcompress to be more universal\n - Fix test fails on \u044532\n - fix uidvalidity to unsigned 32-bit int\n * Code\n - Increase test coverage\n - Fix memory leaks\n - Fix null checks\n * Upstream\n - Buffer refactoring\n - Fix use-after-free in mutt_str_replace()\n - Clarify PGP Pseudo-header S\u003cid\u003e duration\n - Try to respect MUTT_QUIET for IMAP contexts too\n - Limit recurse depth when parsing mime messages\n\n- Update to 20200320:\n * Bug Fixes\n - Fix COLUMNS env var\n - Fix sync after delete\n - Fix crash in notmuch\n - Fix sidebar indent\n - Fix emptying trash\n - Fix command line sending\n - Fix reading large address lists\n - Resolve symlinks only when necessary\n * Translations\n - lithuania 100% Lithuanian\n - es 96% Spanish\n * Docs\n - Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output\n - Fix case of GPGME and SQLite\n * Build\n - Create libcompress (lz4, zlib, zstd)\n - Create libhistory\n - Create libbcache\n - Move zstrm to libconn\n * Code\n - Add more test coverage\n - Rename magic to type\n - Use mutt_file_fopen() on config variables\n - Change commands to use intptr_t for data\n\n- Update to 20200313:\n * Window layout\n - Sidebar is only visible when it\u0027s usable.\n * Features\n - UI: add number of old messages to sidebar_format\n - UI: support ISO 8601 calendar date\n - UI: fix commands that don\u2019t need to have a non-empty mailbox\n to be valid\n - PGP: inform about successful decryption of inline PGP\n messages\n - PGP: try to infer the signing key from the From address\n - PGP: enable GPGMe by default\n - Notmuch: use query as name for vfolder-from-query\n - IMAP: add network traffic compression\n (COMPRESS=DEFLATE, RFC4978)\n - Header cache: add support for generic header cache\n compression\n * Bug Fixes\n - Fix uncollapse_jump\n - Only try to perform entire-thread on maildir/mh mailboxes\n - Fix crash in pager\n - Avoid logging single new lines at the end of header fields\n - Fix listing mailboxes\n - Do not recurse a non-threaded message\n - Fix initial window order\n - Fix leaks on IMAP error paths\n - Notmuch: compose(attach-message): support notmuch backend\n - Fix IMAP flag comparison code\n - Fix $move for IMAP mailboxes\n - Maildir: maildir_mbox_check_stats should only update mailbox\n stats if requested\n - Fix unmailboxes for virtual mailboxes\n - Maildir: sanitize filename before hashing\n - OAuth: if \u0027login\u0027 name isn\u0027t available use \u0027user\u0027\n - Add error message on failed encryption\n - Fix a bunch of crashes\n - Force C locale for email date\n - Abort if run without a terminal\n * Changed Config\n - $crypt_use_gpgme - Now defaults to \u0027yes\u0027 (enabled)\n - $abort_backspace - Hitting backspace against an empty prompt\n aborts the prompt\n - $abort_key - String representation of key to abort prompts\n - $arrow_string - Use an custom string for arrow_cursor\n - $crypt_opportunistic_encrypt_strong_keys - Enable encryption\n only when strong a key is available\n - $header_cache_compress_dictionary - Filepath to dictionary\n for zstd compression\n - $header_cache_compress_level - Level of compression for\n method\n - $header_cache_compress_method - Enable generic hcache\n database compression\n - $imap_deflate - Compress network traffic\n - $smtp_user - Username for the SMTP server\n * Translations\n - 100% Lithuanian\n - 81% Spanish\n - 78% Russian\n * Build\n - Add libdebug\n - Rename public headers to lib.h\n - Create libcompress for compressed folders code\n * Code\n - Refactor Windows and Dialogs\n - Lots of code tidying\n - Refactor: mutt_addrlist_{search,write}\n - Lots of improvements to the Config code\n - Use Buffers more pervasively\n - Unify API function naming\n - Rename library shared headers\n - Refactor libconn gui dependencies\n - Refactor: init.[ch]\n - Refactor config to use subsets\n - Config: add path type\n - Remove backend deps from the connection code\n * Upstream\n - Allow ~b ~B ~h patterns in send2-hook\n - Rename smime oppenc mode parameter to get_keys_by_addr()\n - Add $crypt_opportunistic_encrypt_strong_keys config var\n - Fix crash when polling a closed ssl connection\n - Turn off auto-clear outside of autocrypt initialization\n - Add protected-headers=\u0027v1\u0027 to Content-Type when protecting\n headers\n - Fix segv in IMAP postponed menu caused by reopen_allow\n - Adding ISO 8601 calendar date\n - Fix $fcc_attach to not prompt in batch mode\n - Convert remaining mutt_encode_path() call to use struct\n Buffer\n - Fix rendering of replacement_char when Charset_is_utf8\n - Update to latest acutest.h\n\n- Update to 20191207:\n * Features:\n - compose: draw status bar with highlights\n * Bug Fixes:\n - crash opening notmuch mailbox\n - crash in mutt_autocrypt_ui_recommendation\n - Avoid negative allocation\n - Mbox new mail\n - Setting of DT_MAILBOX type variables from Lua\n - imap: empty cmdbuf before connecting\n - imap: select the mailbox on reconnect\n - compose: fix attach message\n * Build:\n - make files conditional\n * Code:\n - enum-ify log levels\n - fix function prototypes\n - refactor virtual email lookups\n - factor out global Context\n- Changes from 20191129:\n * Features:\n - Add raw mailsize expando (%cr)\n * Bug Fixes:\n - Avoid double question marks in bounce confirmation msg\n - Fix bounce confirmation\n - fix new-mail flags and behaviour\n - fix: browser \u003cdescend-directory\u003e\n - fix ssl crash\n - fix move to trash\n - fix flickering\n - Do not check hidden mailboxes for new mail\n - Fix new_mail_command notifications\n - fix crash in examine_mailboxes()\n - fix crash in mutt_sort_threads()\n - fix: crash after sending\n - Fix crash in tunnel\u0027s conn_close\n - fix fcc for deep dirs\n - imap: fix crash when new mail arrives\n - fix colour \u0027quoted9\u0027\n - quieten messages on exit\n - fix: crash after failed mbox_check\n - browser: default to a file/dir view when attaching a file\n * Changed Config:\n - Change $write_bcc to default off\n * Docs:\n - Add a bit more documentation about sending\n - Clarify $write_bcc documentation.\n - Update documentation for raw size expando\n - docbook: set generate.consistent.ids to make generated html\n reproducible\n * Build:\n - fix build/tests for 32-bit arches\n - tests: fix test that would fail soon\n - tests: fix context for failing idna tests\n\n- Update to 20191111:\n Bug fixes:\n * browser: fix directory view\n * fix crash in mutt_extract_token()\n * force a screen refresh\n * fix crash sending message from command line\n * notmuch: use nm_default_uri if no mailbox data\n * fix forward attachments\n * fix: vfprintf undefined behaviour in body_handler\n * Fix relative symlink resolution\n * fix: trash to non-existent file/dir\n * fix re-opening of mbox Mailboxes\n * close logging as late as possible\n * log unknown mailboxes\n * fix crash in command line postpone\n * fix memory leaks\n * fix icommand parsing\n * fix new mail interaction with mail_check_recent\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2157",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2157-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2157-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SO2YEN5NDIBWU3W774SS3UQQJQHS3Y2L/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2157-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SO2YEN5NDIBWU3W774SS3UQQJQHS3Y2L/"
},
{
"category": "self",
"summary": "SUSE Bug 1172906",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "self",
"summary": "SUSE Bug 1172935",
"url": "https://bugzilla.suse.com/1172935"
},
{
"category": "self",
"summary": "SUSE Bug 1173197",
"url": "https://bugzilla.suse.com/1173197"
},
{
"category": "self",
"summary": "SUSE Bug 1179035",
"url": "https://bugzilla.suse.com/1179035"
},
{
"category": "self",
"summary": "SUSE Bug 1179113",
"url": "https://bugzilla.suse.com/1179113"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14093 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14154 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14954 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "Security update for neomutt",
"tracking": {
"current_release_date": "2020-12-04T09:23:27Z",
"generator": {
"date": "2020-12-04T09:23:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2157-1",
"initial_release_date": "2020-12-04T09:23:27Z",
"revision_history": [
{
"date": "2020-12-04T09:23:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp151.3.3.1.aarch64",
"product": {
"name": "neomutt-20201120-bp151.3.3.1.aarch64",
"product_id": "neomutt-20201120-bp151.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-doc-20201120-bp151.3.3.1.noarch",
"product": {
"name": "neomutt-doc-20201120-bp151.3.3.1.noarch",
"product_id": "neomutt-doc-20201120-bp151.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20201120-bp151.3.3.1.noarch",
"product": {
"name": "neomutt-lang-20201120-bp151.3.3.1.noarch",
"product_id": "neomutt-lang-20201120-bp151.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp151.3.3.1.ppc64le",
"product": {
"name": "neomutt-20201120-bp151.3.3.1.ppc64le",
"product_id": "neomutt-20201120-bp151.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp151.3.3.1.s390x",
"product": {
"name": "neomutt-20201120-bp151.3.3.1.s390x",
"product_id": "neomutt-20201120-bp151.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20201120-bp151.3.3.1.x86_64",
"product": {
"name": "neomutt-20201120-bp151.3.3.1.x86_64",
"product_id": "neomutt-20201120-bp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp151.3.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64"
},
"product_reference": "neomutt-20201120-bp151.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp151.3.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le"
},
"product_reference": "neomutt-20201120-bp151.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp151.3.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x"
},
"product_reference": "neomutt-20201120-bp151.3.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20201120-bp151.3.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64"
},
"product_reference": "neomutt-20201120-bp151.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20201120-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch"
},
"product_reference": "neomutt-doc-20201120-bp151.3.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20201120-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
},
"product_reference": "neomutt-lang-20201120-bp151.3.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14093"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14093",
"url": "https://www.suse.com/security/cve/CVE-2020-14093"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:27Z",
"details": "important"
}
],
"title": "CVE-2020-14093"
},
{
"cve": "CVE-2020-14154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14154"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14154",
"url": "https://www.suse.com/security/cve/CVE-2020-14154"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:27Z",
"details": "important"
}
],
"title": "CVE-2020-14154"
},
{
"cve": "CVE-2020-14954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14954"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14954",
"url": "https://www.suse.com/security/cve/CVE-2020-14954"
},
{
"category": "external",
"summary": "SUSE Bug 1173197 for CVE-2020-14954",
"url": "https://bugzilla.suse.com/1173197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:27Z",
"details": "important"
}
],
"title": "CVE-2020-14954"
},
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.aarch64",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.ppc64le",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.s390x",
"SUSE Package Hub 15 SP1:neomutt-20201120-bp151.3.3.1.x86_64",
"SUSE Package Hub 15 SP1:neomutt-doc-20201120-bp151.3.3.1.noarch",
"SUSE Package Hub 15 SP1:neomutt-lang-20201120-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T09:23:27Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
OPENSUSE-SU-2024:11079-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
neomutt-20210205-3.3 on GA media
Notes
Title of the patch
neomutt-20210205-3.3 on GA media
Description of the patch
These are all security issues fixed in the neomutt-20210205-3.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11079
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "neomutt-20210205-3.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the neomutt-20210205-3.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11079-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14349 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14350 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14351 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14352 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14353 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14354 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14355 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14357 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14093 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14154 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14954 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
}
],
"title": "neomutt-20210205-3.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11079-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20210205-3.3.aarch64",
"product": {
"name": "neomutt-20210205-3.3.aarch64",
"product_id": "neomutt-20210205-3.3.aarch64"
}
},
{
"category": "product_version",
"name": "neomutt-doc-20210205-3.3.aarch64",
"product": {
"name": "neomutt-doc-20210205-3.3.aarch64",
"product_id": "neomutt-doc-20210205-3.3.aarch64"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20210205-3.3.aarch64",
"product": {
"name": "neomutt-lang-20210205-3.3.aarch64",
"product_id": "neomutt-lang-20210205-3.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20210205-3.3.ppc64le",
"product": {
"name": "neomutt-20210205-3.3.ppc64le",
"product_id": "neomutt-20210205-3.3.ppc64le"
}
},
{
"category": "product_version",
"name": "neomutt-doc-20210205-3.3.ppc64le",
"product": {
"name": "neomutt-doc-20210205-3.3.ppc64le",
"product_id": "neomutt-doc-20210205-3.3.ppc64le"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20210205-3.3.ppc64le",
"product": {
"name": "neomutt-lang-20210205-3.3.ppc64le",
"product_id": "neomutt-lang-20210205-3.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20210205-3.3.s390x",
"product": {
"name": "neomutt-20210205-3.3.s390x",
"product_id": "neomutt-20210205-3.3.s390x"
}
},
{
"category": "product_version",
"name": "neomutt-doc-20210205-3.3.s390x",
"product": {
"name": "neomutt-doc-20210205-3.3.s390x",
"product_id": "neomutt-doc-20210205-3.3.s390x"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20210205-3.3.s390x",
"product": {
"name": "neomutt-lang-20210205-3.3.s390x",
"product_id": "neomutt-lang-20210205-3.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20210205-3.3.x86_64",
"product": {
"name": "neomutt-20210205-3.3.x86_64",
"product_id": "neomutt-20210205-3.3.x86_64"
}
},
{
"category": "product_version",
"name": "neomutt-doc-20210205-3.3.x86_64",
"product": {
"name": "neomutt-doc-20210205-3.3.x86_64",
"product_id": "neomutt-doc-20210205-3.3.x86_64"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20210205-3.3.x86_64",
"product": {
"name": "neomutt-lang-20210205-3.3.x86_64",
"product_id": "neomutt-lang-20210205-3.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20210205-3.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64"
},
"product_reference": "neomutt-20210205-3.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20210205-3.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le"
},
"product_reference": "neomutt-20210205-3.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20210205-3.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-20210205-3.3.s390x"
},
"product_reference": "neomutt-20210205-3.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20210205-3.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64"
},
"product_reference": "neomutt-20210205-3.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20210205-3.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64"
},
"product_reference": "neomutt-doc-20210205-3.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20210205-3.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le"
},
"product_reference": "neomutt-doc-20210205-3.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20210205-3.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x"
},
"product_reference": "neomutt-doc-20210205-3.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20210205-3.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64"
},
"product_reference": "neomutt-doc-20210205-3.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20210205-3.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64"
},
"product_reference": "neomutt-lang-20210205-3.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20210205-3.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le"
},
"product_reference": "neomutt-lang-20210205-3.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20210205-3.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x"
},
"product_reference": "neomutt-lang-20210205-3.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20210205-3.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
},
"product_reference": "neomutt-lang-20210205-3.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-14349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14349"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14349",
"url": "https://www.suse.com/security/cve/CVE-2018-14349"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14349"
},
{
"cve": "CVE-2018-14350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14350"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14350",
"url": "https://www.suse.com/security/cve/CVE-2018-14350"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101588 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101588"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14350"
},
{
"cve": "CVE-2018-14351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14351"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14351",
"url": "https://www.suse.com/security/cve/CVE-2018-14351"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101583 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101583"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14351"
},
{
"cve": "CVE-2018-14352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14352"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14352",
"url": "https://www.suse.com/security/cve/CVE-2018-14352"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101582 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101582"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14352"
},
{
"cve": "CVE-2018-14353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14353"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14353",
"url": "https://www.suse.com/security/cve/CVE-2018-14353"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14353"
},
{
"cve": "CVE-2018-14354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14354"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14354",
"url": "https://www.suse.com/security/cve/CVE-2018-14354"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101578 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101578"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14354"
},
{
"cve": "CVE-2018-14355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14355"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14355",
"url": "https://www.suse.com/security/cve/CVE-2018-14355"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101577 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101577"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14355"
},
{
"cve": "CVE-2018-14356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14356"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14356",
"url": "https://www.suse.com/security/cve/CVE-2018-14356"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101576 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101576"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14356"
},
{
"cve": "CVE-2018-14357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14357"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14357",
"url": "https://www.suse.com/security/cve/CVE-2018-14357"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101573 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101573"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14357"
},
{
"cve": "CVE-2018-14358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14358"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14358",
"url": "https://www.suse.com/security/cve/CVE-2018-14358"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101571 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101571"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14358"
},
{
"cve": "CVE-2018-14359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14359"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14359",
"url": "https://www.suse.com/security/cve/CVE-2018-14359"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101570 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101570"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14359"
},
{
"cve": "CVE-2018-14360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14360"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14360",
"url": "https://www.suse.com/security/cve/CVE-2018-14360"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101569 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101569"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14360"
},
{
"cve": "CVE-2018-14361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14361"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14361",
"url": "https://www.suse.com/security/cve/CVE-2018-14361"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101568 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101568"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14361"
},
{
"cve": "CVE-2018-14362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14362"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14362",
"url": "https://www.suse.com/security/cve/CVE-2018-14362"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101567 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101567"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14362"
},
{
"cve": "CVE-2018-14363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14363"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict \u0027/\u0027 characters that may have unsafe interaction with cache pathnames.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14363",
"url": "https://www.suse.com/security/cve/CVE-2018-14363"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101566 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101566"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14363"
},
{
"cve": "CVE-2020-14093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14093"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14093",
"url": "https://www.suse.com/security/cve/CVE-2020-14093"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14093"
},
{
"cve": "CVE-2020-14154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14154"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14154",
"url": "https://www.suse.com/security/cve/CVE-2020-14154"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14154",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14154"
},
{
"cve": "CVE-2020-14954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14954"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14954",
"url": "https://www.suse.com/security/cve/CVE-2020-14954"
},
{
"category": "external",
"summary": "SUSE Bug 1173197 for CVE-2020-14954",
"url": "https://bugzilla.suse.com/1173197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14954"
},
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:neomutt-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-doc-20210205-3.3.x86_64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.aarch64",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.ppc64le",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.s390x",
"openSUSE Tumbleweed:neomutt-lang-20210205-3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
}
]
}
OPENSUSE-SU-2024:11069-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
mutt-2.0.7-2.2 on GA media
Notes
Title of the patch
mutt-2.0.7-2.2 on GA media
Description of the patch
These are all security issues fixed in the mutt-2.0.7-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11069
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "mutt-2.0.7-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the mutt-2.0.7-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11069",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11069-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1558 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14349 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14350 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14351 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14352 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14353 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14354 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14355 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14357 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14093 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14954 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3181 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32055 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32055/"
}
],
"title": "mutt-2.0.7-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11069-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.aarch64",
"product": {
"name": "mutt-2.0.7-2.2.aarch64",
"product_id": "mutt-2.0.7-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.aarch64",
"product": {
"name": "mutt-doc-2.0.7-2.2.aarch64",
"product_id": "mutt-doc-2.0.7-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.aarch64",
"product": {
"name": "mutt-lang-2.0.7-2.2.aarch64",
"product_id": "mutt-lang-2.0.7-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.ppc64le",
"product": {
"name": "mutt-2.0.7-2.2.ppc64le",
"product_id": "mutt-2.0.7-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.ppc64le",
"product": {
"name": "mutt-doc-2.0.7-2.2.ppc64le",
"product_id": "mutt-doc-2.0.7-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.ppc64le",
"product": {
"name": "mutt-lang-2.0.7-2.2.ppc64le",
"product_id": "mutt-lang-2.0.7-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.s390x",
"product": {
"name": "mutt-2.0.7-2.2.s390x",
"product_id": "mutt-2.0.7-2.2.s390x"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.s390x",
"product": {
"name": "mutt-doc-2.0.7-2.2.s390x",
"product_id": "mutt-doc-2.0.7-2.2.s390x"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.s390x",
"product": {
"name": "mutt-lang-2.0.7-2.2.s390x",
"product_id": "mutt-lang-2.0.7-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.x86_64",
"product": {
"name": "mutt-2.0.7-2.2.x86_64",
"product_id": "mutt-2.0.7-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.x86_64",
"product": {
"name": "mutt-doc-2.0.7-2.2.x86_64",
"product_id": "mutt-doc-2.0.7-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.x86_64",
"product": {
"name": "mutt-lang-2.0.7-2.2.x86_64",
"product_id": "mutt-lang-2.0.7-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64"
},
"product_reference": "mutt-2.0.7-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le"
},
"product_reference": "mutt-2.0.7-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x"
},
"product_reference": "mutt-2.0.7-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64"
},
"product_reference": "mutt-2.0.7-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64"
},
"product_reference": "mutt-doc-2.0.7-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le"
},
"product_reference": "mutt-doc-2.0.7-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x"
},
"product_reference": "mutt-doc-2.0.7-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64"
},
"product_reference": "mutt-doc-2.0.7-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64"
},
"product_reference": "mutt-lang-2.0.7-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le"
},
"product_reference": "mutt-lang-2.0.7-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x"
},
"product_reference": "mutt-lang-2.0.7-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
},
"product_reference": "mutt-lang-2.0.7-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-1558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1558"
}
],
"notes": [
{
"category": "general",
"text": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1558",
"url": "https://www.suse.com/security/cve/CVE-2007-1558"
},
{
"category": "external",
"summary": "SUSE Bug 262450 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/262450"
},
{
"category": "external",
"summary": "SUSE Bug 271197 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/271197"
},
{
"category": "external",
"summary": "SUSE Bug 279843 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/279843"
},
{
"category": "external",
"summary": "SUSE Bug 281321 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281321"
},
{
"category": "external",
"summary": "SUSE Bug 281323 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-1558"
},
{
"cve": "CVE-2018-14349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14349"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14349",
"url": "https://www.suse.com/security/cve/CVE-2018-14349"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14349"
},
{
"cve": "CVE-2018-14350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14350"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14350",
"url": "https://www.suse.com/security/cve/CVE-2018-14350"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101588 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101588"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14350"
},
{
"cve": "CVE-2018-14351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14351"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14351",
"url": "https://www.suse.com/security/cve/CVE-2018-14351"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101583 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101583"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14351"
},
{
"cve": "CVE-2018-14352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14352"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14352",
"url": "https://www.suse.com/security/cve/CVE-2018-14352"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101582 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101582"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14352"
},
{
"cve": "CVE-2018-14353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14353"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14353",
"url": "https://www.suse.com/security/cve/CVE-2018-14353"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14353"
},
{
"cve": "CVE-2018-14354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14354"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14354",
"url": "https://www.suse.com/security/cve/CVE-2018-14354"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101578 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101578"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14354"
},
{
"cve": "CVE-2018-14355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14355"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14355",
"url": "https://www.suse.com/security/cve/CVE-2018-14355"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101577 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101577"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14355"
},
{
"cve": "CVE-2018-14356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14356"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14356",
"url": "https://www.suse.com/security/cve/CVE-2018-14356"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101576 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101576"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14356"
},
{
"cve": "CVE-2018-14357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14357"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14357",
"url": "https://www.suse.com/security/cve/CVE-2018-14357"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101573 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101573"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14357"
},
{
"cve": "CVE-2018-14358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14358"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14358",
"url": "https://www.suse.com/security/cve/CVE-2018-14358"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101571 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101571"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14358"
},
{
"cve": "CVE-2018-14359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14359"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14359",
"url": "https://www.suse.com/security/cve/CVE-2018-14359"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101570 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101570"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14359"
},
{
"cve": "CVE-2018-14360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14360"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14360",
"url": "https://www.suse.com/security/cve/CVE-2018-14360"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101569 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101569"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14360"
},
{
"cve": "CVE-2018-14361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14361"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14361",
"url": "https://www.suse.com/security/cve/CVE-2018-14361"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101568 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101568"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14361"
},
{
"cve": "CVE-2018-14362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14362"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14362",
"url": "https://www.suse.com/security/cve/CVE-2018-14362"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101567 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101567"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14362"
},
{
"cve": "CVE-2018-14363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14363"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict \u0027/\u0027 characters that may have unsafe interaction with cache pathnames.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14363",
"url": "https://www.suse.com/security/cve/CVE-2018-14363"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101566 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101566"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14363"
},
{
"cve": "CVE-2020-14093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14093"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14093",
"url": "https://www.suse.com/security/cve/CVE-2020-14093"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14093"
},
{
"cve": "CVE-2020-14954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14954"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14954",
"url": "https://www.suse.com/security/cve/CVE-2020-14954"
},
{
"category": "external",
"summary": "SUSE Bug 1173197 for CVE-2020-14954",
"url": "https://bugzilla.suse.com/1173197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14954"
},
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
},
{
"cve": "CVE-2021-3181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3181"
}
],
"notes": [
{
"category": "general",
"text": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3181",
"url": "https://www.suse.com/security/cve/CVE-2021-3181"
},
{
"category": "external",
"summary": "SUSE Bug 1181221 for CVE-2021-3181",
"url": "https://bugzilla.suse.com/1181221"
},
{
"category": "external",
"summary": "SUSE Bug 1181505 for CVE-2021-3181",
"url": "https://bugzilla.suse.com/1181505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3181"
},
{
"cve": "CVE-2021-32055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32055"
}
],
"notes": [
{
"category": "general",
"text": "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32055",
"url": "https://www.suse.com/security/cve/CVE-2021-32055"
},
{
"category": "external",
"summary": "SUSE Bug 1185705 for CVE-2021-32055",
"url": "https://bugzilla.suse.com/1185705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-32055"
}
]
}
GHSA-346P-QX4X-G348
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI?
Details
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
{
"affected": [],
"aliases": [
"CVE-2020-28896"
],
"database_specific": {
"cwe_ids": [
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-23T19:15:00Z",
"severity": "HIGH"
},
"details": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"id": "GHSA-346p-qx4x-g348",
"modified": "2022-05-24T17:34:49Z",
"published": "2022-05-24T17:34:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28896"
},
{
"type": "WEB",
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"type": "WEB",
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"type": "WEB",
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"type": "WEB",
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-32"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-28896
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-28896",
"description": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"id": "GSD-2020-28896",
"references": [
"https://www.suse.com/security/cve/CVE-2020-28896.html",
"https://access.redhat.com/errata/RHSA-2021:4181",
"https://ubuntu.com/security/CVE-2020-28896",
"https://advisories.mageia.org/CVE-2020-28896.html",
"https://security.archlinux.org/CVE-2020-28896",
"https://linux.oracle.com/cve/CVE-2020-28896.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-28896"
],
"details": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"id": "GSD-2020-28896",
"modified": "2023-12-13T01:22:01.862673Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f",
"refsource": "MISC",
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"name": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a",
"refsource": "MISC",
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"name": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06",
"refsource": "MISC",
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"name": "https://github.com/neomutt/neomutt/releases/tag/20201120",
"refsource": "MISC",
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"name": "GLSA-202101-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-32"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020-11-20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28896"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-755"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"name": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"name": "https://github.com/neomutt/neomutt/releases/tag/20201120",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"name": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"name": "GLSA-202101-32",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-32"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-07-21T11:39Z",
"publishedDate": "2020-11-23T19:15Z"
}
}
}
RHSA-2021_4181
Vulnerability from csaf_redhat - Published: 2021-11-09 18:10 - Updated: 2024-11-22 16:48Summary
Red Hat Security Advisory: mutt security, bug fix, and enhancement update
Notes
Topic
An update for mutt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.
The following packages have been upgraded to a later upstream version: mutt (2.0.7). (BZ#1912614)
Security Fix(es):
* mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection (CVE-2020-28896)
* mutt: Memory leak when parsing rfc822 group addresses (CVE-2021-3181)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for mutt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.\n\nThe following packages have been upgraded to a later upstream version: mutt (2.0.7). (BZ#1912614)\n\nSecurity Fix(es):\n\n* mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection (CVE-2020-28896)\n\n* mutt: Memory leak when parsing rfc822 group addresses (CVE-2021-3181)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4181",
"url": "https://access.redhat.com/errata/RHSA-2021:4181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"category": "external",
"summary": "1890084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890084"
},
{
"category": "external",
"summary": "1900826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826"
},
{
"category": "external",
"summary": "1912614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912614"
},
{
"category": "external",
"summary": "1920446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920446"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4181.json"
}
],
"title": "Red Hat Security Advisory: mutt security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T16:48:38+00:00",
"generator": {
"date": "2024-11-22T16:48:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:4181",
"initial_release_date": "2021-11-09T18:10:01+00:00",
"revision_history": [
{
"date": "2021-11-09T18:10:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-09T18:10:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:48:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.src",
"product": {
"name": "mutt-5:2.0.7-1.el8.src",
"product_id": "mutt-5:2.0.7-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=src\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.aarch64",
"product": {
"name": "mutt-5:2.0.7-1.el8.aarch64",
"product_id": "mutt-5:2.0.7-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=aarch64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.ppc64le",
"product": {
"name": "mutt-5:2.0.7-1.el8.ppc64le",
"product_id": "mutt-5:2.0.7-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=ppc64le\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.x86_64",
"product": {
"name": "mutt-5:2.0.7-1.el8.x86_64",
"product_id": "mutt-5:2.0.7-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=x86_64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.s390x",
"product": {
"name": "mutt-5:2.0.7-1.el8.s390x",
"product_id": "mutt-5:2.0.7-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=s390x\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64"
},
"product_reference": "mutt-5:2.0.7-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le"
},
"product_reference": "mutt-5:2.0.7-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x"
},
"product_reference": "mutt-5:2.0.7-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src"
},
"product_reference": "mutt-5:2.0.7-1.el8.src",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64"
},
"product_reference": "mutt-5:2.0.7-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2020-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1900826"
}
],
"notes": [
{
"category": "description",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated the severity of this flaw as Moderate because although the Confidentiality impact is high, the attack complexity is also high as a particular attacker would at least need to coordinate social engineering a victim to connect to a bad server, and also perform a man-in-the-middle attack or perform similar interception of the connection. Please see the following page for details on Red Hat severity ratings with special attention to Moderate: https://access.redhat.com/security/updates/classification .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "RHBZ#1900826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28896"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28896"
}
],
"release_date": "2020-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:10:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4181"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection"
},
{
"cve": "CVE-2021-3181",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1920446"
}
],
"notes": [
{
"category": "description",
"text": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mutt: Memory leak when parsing rfc822 group addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3181"
},
{
"category": "external",
"summary": "RHBZ#1920446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3181"
}
],
"release_date": "2021-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:10:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4181"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mutt: Memory leak when parsing rfc822 group addresses"
}
]
}
RHSA-2021:4181
Vulnerability from csaf_redhat - Published: 2021-11-09 18:10 - Updated: 2025-11-21 18:26Summary
Red Hat Security Advisory: mutt security, bug fix, and enhancement update
Notes
Topic
An update for mutt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.
The following packages have been upgraded to a later upstream version: mutt (2.0.7). (BZ#1912614)
Security Fix(es):
* mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection (CVE-2020-28896)
* mutt: Memory leak when parsing rfc822 group addresses (CVE-2021-3181)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for mutt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.\n\nThe following packages have been upgraded to a later upstream version: mutt (2.0.7). (BZ#1912614)\n\nSecurity Fix(es):\n\n* mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection (CVE-2020-28896)\n\n* mutt: Memory leak when parsing rfc822 group addresses (CVE-2021-3181)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4181",
"url": "https://access.redhat.com/errata/RHSA-2021:4181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"category": "external",
"summary": "1890084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890084"
},
{
"category": "external",
"summary": "1900826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826"
},
{
"category": "external",
"summary": "1912614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912614"
},
{
"category": "external",
"summary": "1920446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920446"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4181.json"
}
],
"title": "Red Hat Security Advisory: mutt security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:26:16+00:00",
"generator": {
"date": "2025-11-21T18:26:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:4181",
"initial_release_date": "2021-11-09T18:10:01+00:00",
"revision_history": [
{
"date": "2021-11-09T18:10:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-09T18:10:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:26:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.src",
"product": {
"name": "mutt-5:2.0.7-1.el8.src",
"product_id": "mutt-5:2.0.7-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=src\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.aarch64",
"product": {
"name": "mutt-5:2.0.7-1.el8.aarch64",
"product_id": "mutt-5:2.0.7-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=aarch64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.ppc64le",
"product": {
"name": "mutt-5:2.0.7-1.el8.ppc64le",
"product_id": "mutt-5:2.0.7-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=ppc64le\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.x86_64",
"product": {
"name": "mutt-5:2.0.7-1.el8.x86_64",
"product_id": "mutt-5:2.0.7-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=x86_64\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-5:2.0.7-1.el8.s390x",
"product": {
"name": "mutt-5:2.0.7-1.el8.s390x",
"product_id": "mutt-5:2.0.7-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt@2.0.7-1.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"product": {
"name": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"product_id": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debugsource@2.0.7-1.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"product": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"product_id": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mutt-debuginfo@2.0.7-1.el8?arch=s390x\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64"
},
"product_reference": "mutt-5:2.0.7-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le"
},
"product_reference": "mutt-5:2.0.7-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x"
},
"product_reference": "mutt-5:2.0.7-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src"
},
"product_reference": "mutt-5:2.0.7-1.el8.src",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-5:2.0.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64"
},
"product_reference": "mutt-5:2.0.7-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debuginfo-5:2.0.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64"
},
"product_reference": "mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-debugsource-5:2.0.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
},
"product_reference": "mutt-debugsource-5:2.0.7-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2020-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1900826"
}
],
"notes": [
{
"category": "description",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated the severity of this flaw as Moderate because although the Confidentiality impact is high, the attack complexity is also high as a particular attacker would at least need to coordinate social engineering a victim to connect to a bad server, and also perform a man-in-the-middle attack or perform similar interception of the connection. Please see the following page for details on Red Hat severity ratings with special attention to Moderate: https://access.redhat.com/security/updates/classification .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "RHBZ#1900826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28896"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28896"
}
],
"release_date": "2020-11-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:10:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4181"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection"
},
{
"cve": "CVE-2021-3181",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1920446"
}
],
"notes": [
{
"category": "description",
"text": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mutt: Memory leak when parsing rfc822 group addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3181"
},
{
"category": "external",
"summary": "RHBZ#1920446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3181"
}
],
"release_date": "2021-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-09T18:10:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4181"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.src",
"AppStream-8.5.0.GA:mutt-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debuginfo-5:2.0.7-1.el8.x86_64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.aarch64",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.ppc64le",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.s390x",
"AppStream-8.5.0.GA:mutt-debugsource-5:2.0.7-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mutt: Memory leak when parsing rfc822 group addresses"
}
]
}
WID-SEC-W-2022-2241
Vulnerability from csaf_certbund - Published: 2020-11-23 23:00 - Updated: 2025-01-15 23:00Summary
mutt: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Mutt ist ein textbasiertes E-Mail-Programm für Unix und andere Unix-artige Betriebssysteme.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mutt ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Mutt ist ein textbasiertes E-Mail-Programm f\u00fcr Unix und andere Unix-artige Betriebssysteme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mutt ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2241 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-2241.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2241 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2241"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2020-11-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28896"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4645-1 vom 2020-11-27",
"url": "https://ubuntu.com/security/notices/USN-4645-1"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-202011-25 vom 2020-11-27",
"url": "https://security.archlinux.org/ASA-202011-25/generate"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-202011-24 vom 2020-11-26",
"url": "https://security.archlinux.org/ASA-202011-24/generate"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:14551-1 vom 2020-11-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007894.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2472 vom 2020-11-30",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:3568-1 vom 2020-11-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007891.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:3632-1 vom 2020-12-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007921.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202101-32 vom 2021-01-27",
"url": "https://security.gentoo.org/glsa/202101-32"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4181 vom 2021-11-10",
"url": "https://access.redhat.com/errata/RHSA-2021:4181"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1892 vom 2022-12-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1892.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7204-1 vom 2025-01-15",
"url": "https://ubuntu.com/security/notices/USN-7204-1"
}
],
"source_lang": "en-US",
"title": "mutt: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2025-01-15T23:00:00.000+00:00",
"generator": {
"date": "2025-01-16T09:22:23.763+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2022-2241",
"initial_release_date": "2020-11-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-11-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-11-26T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu und Arch Linux aufgenommen"
},
{
"date": "2020-11-30T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2020-12-07T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-01-26T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2021-11-09T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-06T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-01-15T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.0.2",
"product": {
"name": "Open Source mutt \u003c2.0.2",
"product_id": "T017764"
}
},
{
"category": "product_version",
"name": "2.0.2",
"product": {
"name": "Open Source mutt 2.0.2",
"product_id": "T017764-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mutt:mutt:2.0.2"
}
}
}
],
"category": "product_name",
"name": "mutt"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28896",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in mutt. Eine unsachgem\u00e4\u00dfe Fehlerbehandlung beim erstmaligen Herstellen einer Verbindung zu einem IMAP-Server kann zu einem weiteren Authentifizierungsversuch f\u00fchren, ohne TLS zu aktivieren. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen, wie z.B. Authentifizierungsdaten, offenzulegen."
}
],
"product_status": {
"known_affected": [
"T017764",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"398363",
"T012167"
]
},
"release_date": "2020-11-23T23:00:00.000+00:00",
"title": "CVE-2020-28896"
}
]
}
FKIE_CVE-2020-28896
Vulnerability from fkie_nvd - Published: 2020-11-23 19:15 - Updated: 2024-11-21 05:23
Severity ?
Summary
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C51D970-ABF4-465F-9C6D-0AB13AC6D84F",
"versionEndExcluding": "2.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFDF3E8-5AB3-490C-B9E0-4E2B38E07E42",
"versionEndExcluding": "2020-11-20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle."
},
{
"lang": "es",
"value": "Mutt versiones anteriores a 2.0.2 y NeoMutt anterior al 20-11-2020 no aseguraron que $ssl_force_tls fuera procesado si la respuesta inicial del servidor de un servidor IMAP no era v\u00e1lida.\u0026#xa0;La conexi\u00f3n no se cerr\u00f3 correctamente y el c\u00f3digo podr\u00eda seguir intentando autenticarse.\u0026#xa0;Esto podr\u00eda resultar en que las credenciales de autenticaci\u00f3n se expongan en una conexi\u00f3n no cifrada o en una m\u00e1quina en el medio"
}
],
"id": "CVE-2020-28896",
"lastModified": "2024-11-21T05:23:14.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-23T19:15:11.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-32"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…