Source: mutt
Version: 2.2.9-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for mutt.

CVE-2023-4874[0]:
| Null pointer dereference when viewing a specially crafted email in
| Mutt >1.5.2 <2.2.12

CVE-2023-4875[1]:
| Null pointer dereference when composing from a specially crafted
| draft message in Mutt >1.5.2 <2.2.12

Make sure to include all three commits referenced from [2], the last
one is technically not part of the two CVEs, but another crash found
by upstream.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4874
    https://www.cve.org/CVERecord?id=CVE-2023-4874
[1] https://security-tracker.debian.org/tracker/CVE-2023-4875
    https://www.cve.org/CVERecord?id=CVE-2023-4875
[2] http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore