tag -1 +pending thanks On Sat, Jun 20, 2020 at 08:19:32AM +0200, Antonio Radici wrote: > On Fri, Jun 19, 2020 at 04:04:37PM -0700, Josh Triplett wrote: > > On Thu, Jun 18, 2020 at 10:41:37PM -0700, Josh Triplett wrote: > > > Package: mutt > > > Version: 1.14.3-1 > > > Severity: important > > > > > > "important" because it makes a previously working configuration > > > unusable. > > > > > > The fix for CVE-2020-14093 makes it so that when using a > > > preauthenticated connection (using `set tunnel` to SSH to the IMAP > > > server), mutt just prints "Encrypted connection unavailable" and refuses > > > the connection. An strace shows that mutt successfully runs SSH and gets > > > the preauthenticated IMAP connection. > > > > > > I do not have any ssl-related options set. Best guess: the default > > > ssl_starttls=yes makes mutt think it should starttls over preauth, which > > > it now avoids due to the CVE. > > > > I can confirm that setting ssl_starttls=no allows preauthenticated IMAP > > connections using `set tunnel` to work again. > > > > Created issue https://gitlab.com/muttmua/mutt/-/issues/250
Fix already in git, it will come up with 1.14.4-2
