Accepted mutt 1.5.23-3+deb8u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 27 Jul 2018 22:20:50 -0400
Source: mutt
Binary: mutt mutt-patched mutt-dbg
Architecture: source
Version: 1.5.23-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Antonio Radici <antonio@dyne.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
mutt - text-based mailreader supporting MIME, GPG, PGP and threading
mutt-dbg - debugging symbols for mutt
mutt-patched - Mutt Mail User Agent with extra patches
Closes: 904051
Changes:
mutt (1.5.23-3+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team. (Closes: 904051)
* Fix arbitrary command execution by remote IMAP servers via backquote
characters, related to the mailboxes command associated with a manual
subscription or unsubscription (CVE-2018-14354)
* Fix arbitrary command execution by remote IMAP servers via backquote
characters, related to the mailboxes command associated with an automatic
subscription (CVE-2018-14357)
* Fix a stack-based buffer overflow caused by imap_quote_string() not
leaving room for quote characters (CVE-2018-14352)
* Fix an integer underflow in imap_quote_string() (CVE-2018-14353)
* Fix mishandling of zero-length UID in pop.c (CVE-2018-14356)
* Fix unsafe interaction between message-cache pathnames and certain
characters in pop.c (CVE-2018-14362)
* Fix mishandling of ".." directory traversal in IMAP mailbox name
(CVE-2018-14355)
* Fix a stack-based buffer overflow for an IMAP FETCH response with a long
INTERNALDATE field (CVE-2018-14350)
* Fix a stack-based buffer overflow for an IMAP FETCH response with a long
RFC822.SIZE field (CVE-2018-14358)
* Fix mishandling of an IMAP NO response without a message (CVE-2018-14349)
* Fix mishandling of long IMAP status mailbox literal count size
(CVE-2018-14351)
* Fix a buffer overflow via base64 data (CVE-2018-14359)
* Fix a stack-based buffer overflow because of incorrect sscanf usage
(CVE-2018-14360)
* Fix a defect where processing continues if memory allocation fails for
NNTP messages (CVE-2018-14361)
* Fix unsafe interaction between message-cache pathnames and certain
characters in newsrc.c (CVE-2018-14363)
Checksums-Sha1:
7993890724fb77d67a17971257ad0c268e463d34 2249 mutt_1.5.23-3+deb8u1.dsc
8ac821d8b1e25504a31bf5fda9c08d93a4acc862 3782032 mutt_1.5.23.orig.tar.gz
9c14dec005fb18a3ef10010bd2506cdbce24a0cb 134360 mutt_1.5.23-3+deb8u1.debian.tar.xz
Checksums-Sha256:
3db7ab1db6f54932d41a8307de010354faabc660a746f413d42e96f4c06637f4 2249 mutt_1.5.23-3+deb8u1.dsc
3af0701e57b9e1880ed3a0dee34498a228939e854a16cdccd24e5e502626fd37 3782032 mutt_1.5.23.orig.tar.gz
005bd978a4493092b5541c06fd11263f6fbca0f4333842672f14155ad1527f4c 134360 mutt_1.5.23-3+deb8u1.debian.tar.xz
Files:
9f3d92587267c68d79a463ea392457cf 2249 mail standard mutt_1.5.23-3+deb8u1.dsc
11f5b6a3eeba1afa1257fe93c9f26bff 3782032 mail standard mutt_1.5.23.orig.tar.gz
97ad82ce1f2b7c3b7f7a0893efadd101 134360 mail standard mutt_1.5.23-3+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAltigbIACgkQLNd4Xt2n
sg/ygw/7BTsuI9RgtHiq4fuuyIuIlnIQiOARE2Jzosmd3jK/S8Ei+uSLCKHPS6wW
TTCVBiIOcU8SvlqUcv+AlGxxCefXke+YCrXhMwp4dmWd/WnhOnebvLsLa22WomVU
gTh3SNIQmmYN6sCpL382WZ/a+9G+PRfGYD0HoPbxSDZxZ5pYA345mtDKfyMemYi2
5GJEoDy43t/JKWgKkIekmGbBkR4MbyDwL6zhqcUa499b6TmsG/B5jstAL2n4U8MZ
akRKYIMo8lDrRzch5BbNq5btXK6xcJnikraGR/zCcf+BX++MUu6/09MjtbdwELRF
hWSHdNlxG6tVn1HO6wfvjLjYV7kRoCMtxeH7iQPL1Ac2VOJlqCjdtFh/k6LO5YGy
0LMV/1hO31uhx/grMxK2z8XEUb2wngPU6jtwFGrXrjmKH7afraaUxeYVSNeUR00Q
4nalEv3VpaNXfQKoHxzW1locm7hUZBmrRkHWOS8R0jARtQwzQsLZFdi+FhtfVy7S
V92bYWJFsmsi+TBfS/+UmTgl1N9SL6U+Hqmhkhcu0TDYRNMhciBCYBvHruZG613W
ZxfCHY3X+8kWLapVony9gKBgMB2r2gwHyKUd2dH8eagMRJTBZLGcj+sY0teSH4k7
Gp31fNzNY+oY8n9og5100tQoUiVjbh6SynaJBCzjCLn52z7o2eY=
=/EiO
-----END PGP SIGNATURE-----