Accepted mutt 1.7.2-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Aug 2018 09:48:44 +0100
Source: mutt
Binary: mutt
Architecture: source
Version: 1.7.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Mutt maintainers <pkg-mutt-maintainers@lists.alioth.debian.org>
Changed-By: Antonio Radici <antonio@debian.org>
Description:
 mutt - text-based mailreader supporting MIME, GPG, PGP and threading
Closes: 904051
Changes:
 mutt (1.7.2-1+deb9u1) stretch-security; urgency=high
 .
   * Initial changelog entries for security update (Closes: 904051)
   * Patches provided by Roberto C. Sánchez <roberto@debian.org>
     + Fix arbitrary command execution by remote IMAP servers via backquote
       characters, related to the mailboxes command associated with a manual
       subscription or unsubscription (CVE-2018-14354)
     + Fix arbitrary command execution by remote IMAP servers via backquote
       characters, related to the mailboxes command associated with an automatic
       subscription (CVE-2018-14357)
     + Fix a stack-based buffer overflow caused by imap_quote_string() not
       leaving room for quote characters (CVE-2018-14352)
     + Fix an integer underflow in imap_quote_string() (CVE-2018-14353)
     + Fix mishandling of zero-length UID in pop.c (CVE-2018-14356)
     + Fix unsafe interaction between message-cache pathnames and certain
       characters in pop.c (CVE-2018-14362)
     + Fix mishandling of ".." directory traversal in IMAP mailbox name
       (CVE-2018-14355)
     + Fix a stack-based buffer overflow for an IMAP FETCH response with a long
       INTERNALDATE field (CVE-2018-14350)
     + Fix a stack-based buffer overflow for an IMAP FETCH response with a long
       RFC822.SIZE field (CVE-2018-14358)
     + Fix mishandling of an IMAP NO response without a message (CVE-2018-14349)
     + Fix mishandling of long IMAP status mailbox literal count size
       (CVE-2018-14351)
     + Fix a buffer overflow via base64 data (CVE-2018-14359)
     + Fix a stack-based buffer overflow because of incorrect sscanf usage
       (CVE-2018-14360)
     + Fix a defect where processing continues if memory allocation fails for
       NNTP messages (CVE-2018-14361)
   * Fix unsafe interaction between message-cache pathnames and certain
     characters in newsrc.c (CVE-2018-14363)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----