Back to mutt PTS page

Accepted mutt 1.5.23-3+deb8u1 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 27 Jul 2018 22:20:50 -0400
Source: mutt
Binary: mutt mutt-patched mutt-dbg
Architecture: source
Version: 1.5.23-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Antonio Radici <antonio@dyne.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 mutt       - text-based mailreader supporting MIME, GPG, PGP and threading
 mutt-dbg   - debugging symbols for mutt
 mutt-patched - Mutt Mail User Agent with extra patches
Closes: 904051
Changes:
 mutt (1.5.23-3+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team. (Closes: 904051)
   * Fix arbitrary command execution by remote IMAP servers via backquote
     characters, related to the mailboxes command associated with a manual
     subscription or unsubscription (CVE-2018-14354)
   * Fix arbitrary command execution by remote IMAP servers via backquote
     characters, related to the mailboxes command associated with an automatic
     subscription (CVE-2018-14357)
   * Fix a stack-based buffer overflow caused by imap_quote_string() not
     leaving room for quote characters (CVE-2018-14352)
   * Fix an integer underflow in imap_quote_string() (CVE-2018-14353)
   * Fix mishandling of zero-length UID in pop.c (CVE-2018-14356)
   * Fix unsafe interaction between message-cache pathnames and certain
     characters in pop.c (CVE-2018-14362)
   * Fix mishandling of ".." directory traversal in IMAP mailbox name
     (CVE-2018-14355)
   * Fix a stack-based buffer overflow for an IMAP FETCH response with a long
     INTERNALDATE field (CVE-2018-14350)
   * Fix a stack-based buffer overflow for an IMAP FETCH response with a long
     RFC822.SIZE field (CVE-2018-14358)
   * Fix mishandling of an IMAP NO response without a message (CVE-2018-14349)
   * Fix mishandling of long IMAP status mailbox literal count size
     (CVE-2018-14351)
   * Fix a buffer overflow via base64 data (CVE-2018-14359)
   * Fix a stack-based buffer overflow because of incorrect sscanf usage
     (CVE-2018-14360)
   * Fix a defect where processing continues if memory allocation fails for
     NNTP messages (CVE-2018-14361)
   * Fix unsafe interaction between message-cache pathnames and certain
     characters in newsrc.c (CVE-2018-14363)
Checksums-Sha1:
 7993890724fb77d67a17971257ad0c268e463d34 2249 mutt_1.5.23-3+deb8u1.dsc
 8ac821d8b1e25504a31bf5fda9c08d93a4acc862 3782032 mutt_1.5.23.orig.tar.gz
 9c14dec005fb18a3ef10010bd2506cdbce24a0cb 134360 mutt_1.5.23-3+deb8u1.debian.tar.xz
Checksums-Sha256:
 3db7ab1db6f54932d41a8307de010354faabc660a746f413d42e96f4c06637f4 2249 mutt_1.5.23-3+deb8u1.dsc
 3af0701e57b9e1880ed3a0dee34498a228939e854a16cdccd24e5e502626fd37 3782032 mutt_1.5.23.orig.tar.gz
 005bd978a4493092b5541c06fd11263f6fbca0f4333842672f14155ad1527f4c 134360 mutt_1.5.23-3+deb8u1.debian.tar.xz
Files:
 9f3d92587267c68d79a463ea392457cf 2249 mail standard mutt_1.5.23-3+deb8u1.dsc
 11f5b6a3eeba1afa1257fe93c9f26bff 3782032 mail standard mutt_1.5.23.orig.tar.gz
 97ad82ce1f2b7c3b7f7a0893efadd101 134360 mail standard mutt_1.5.23-3+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAltigbIACgkQLNd4Xt2n
sg/ygw/7BTsuI9RgtHiq4fuuyIuIlnIQiOARE2Jzosmd3jK/S8Ei+uSLCKHPS6wW
TTCVBiIOcU8SvlqUcv+AlGxxCefXke+YCrXhMwp4dmWd/WnhOnebvLsLa22WomVU
gTh3SNIQmmYN6sCpL382WZ/a+9G+PRfGYD0HoPbxSDZxZ5pYA345mtDKfyMemYi2
5GJEoDy43t/JKWgKkIekmGbBkR4MbyDwL6zhqcUa499b6TmsG/B5jstAL2n4U8MZ
akRKYIMo8lDrRzch5BbNq5btXK6xcJnikraGR/zCcf+BX++MUu6/09MjtbdwELRF
hWSHdNlxG6tVn1HO6wfvjLjYV7kRoCMtxeH7iQPL1Ac2VOJlqCjdtFh/k6LO5YGy
0LMV/1hO31uhx/grMxK2z8XEUb2wngPU6jtwFGrXrjmKH7afraaUxeYVSNeUR00Q
4nalEv3VpaNXfQKoHxzW1locm7hUZBmrRkHWOS8R0jARtQwzQsLZFdi+FhtfVy7S
V92bYWJFsmsi+TBfS/+UmTgl1N9SL6U+Hqmhkhcu0TDYRNMhciBCYBvHruZG613W
ZxfCHY3X+8kWLapVony9gKBgMB2r2gwHyKUd2dH8eagMRJTBZLGcj+sY0teSH4k7
Gp31fNzNY+oY8n9og5100tQoUiVjbh6SynaJBCzjCLn52z7o2eY=
=/EiO
-----END PGP SIGNATURE-----