Your message dated Thu, 29 Jul 2021 21:48:28 +0000
with message-id <[email protected]>
and subject line Bug#988107: fixed in neomutt 20201127+dfsg.1-1.2
has caused the Debian Bug report #988107,
regarding neomutt: CVE-2021-32055
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
988107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mutt
Version: 2.0.5-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:neomutt 20201127+dfsg.1-1.1
Control: retitle -2 neomutt: CVE-2021-32055
Hi,
The following vulnerability was published for mutt (respectively
neomutt):
CVE-2021-32055[0]:
| Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through
| 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-
| of-bounds read in situations where an IMAP sequence set ends with a
| comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by
| default.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-32055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32055
[1]
https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
[2]
https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: neomutt
Source-Version: 20201127+dfsg.1-1.2
Done: Moritz Muehlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
neomutt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[email protected]> (supplier of updated neomutt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Jul 2021 23:13:20 +0200
Source: neomutt
Architecture: source
Version: 20201127+dfsg.1-1.2
Distribution: unstable
Urgency: medium
Maintainer: Mutt maintainers <[email protected]>
Changed-By: Moritz Muehlenhoff <[email protected]>
Closes: 988107
Changes:
neomutt (20201127+dfsg.1-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2021-32055 (Closes: #988107)
Checksums-Sha1:
b96193e3dcdb5491a5a00fdc2ba8bc6d56f645f6 2271 neomutt_20201127+dfsg.1-1.2.dsc
2f5e412753347318df5fccea94a446906e9cfc08 21960
neomutt_20201127+dfsg.1-1.2.debian.tar.xz
ab54a433ac90f2d7019e73e840e8c8b5dfa3315a 12558
neomutt_20201127+dfsg.1-1.2_amd64.buildinfo
Checksums-Sha256:
b060233bd582a31578e19f6643ca8b005cdc7797da07361b3a8ab9ac5978a43b 2271
neomutt_20201127+dfsg.1-1.2.dsc
963dceea26b55c244b1b8b6b1277f4522e6934bc0b94dbd29199dc418f224a0e 21960
neomutt_20201127+dfsg.1-1.2.debian.tar.xz
bb78cd0774395dc99986e6933c3b0c3139c258d6761d672f02c223d78cc2d7ff 12558
neomutt_20201127+dfsg.1-1.2_amd64.buildinfo
Files:
9b9b02f3633bb7f519ebd74fc26237ef 2271 mail optional
neomutt_20201127+dfsg.1-1.2.dsc
31290b75c797a07449b809344af68ee8 21960 mail optional
neomutt_20201127+dfsg.1-1.2.debian.tar.xz
0dc17e3624707b8e46b693c69ebf8961 12558 mail optional
neomutt_20201127+dfsg.1-1.2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmEDGrwACgkQEMKTtsN8
TjZvFg/9HlORuEURgKenshJdJeZ5Hs3ogpDIr7rzxBdHAVf7JaDpp58wbmEcSO6a
YpGu2fg5WJTaFWuNKvlOTCXSObYZQWUczKXJ/rnWwZauobOD3zpWVi7bvTcsoSj9
sruH7MkQgD1n+gJ7+LJYV+Qi+45Ab/zPrzfpwmss6Me4cHGMyNmsXcMBK5dSymy5
02aj/nCJSqRZfDA6d+l49MYr+KCFcITW9cwxYvaUCZA8KDNV7bpp62t5wAM+iQ1l
K1Vu0/PrTUQt49tJZQx1SC+9lPTgooLuF7rczb6AoepDOq8Xuk7l1lkuvk49xMZb
i++gExKAaZh5QGeclMmy+AKFPfX1z//KYPFlduY3o9ku6b+W1wXb6bzOVz+Of2S7
jwD7Pyw2bE0mwZ06RIt8iZuOfLYxGflNCDCRyVtqhKdXCsMgFqvNeU4lKFgzg2FC
vscHpv7MgSnomCegZ2Tb7WL+pB9+EYJQcIFArdCpgtbiuOkV7l+L5DClvlJUKc/M
zr3hs7fcXinbzuM3FMtgriz3UEvCDfaMK/x/2fjUer9NvBhtxMN39hMQZBvRWusz
kebuEGHgLbqQ0lPSDW71/8K13IXf2FXnfSy+MqRnlnatKXu6X3u1y3cIa4HOkx5/
t/YCiSAPjysOH3F1RPDVPDrbXvT8ZYm8FsjtsaHnUD7jmhVN9GU=
=4MvA
-----END PGP SIGNATURE-----
--- End Message ---
