Your message dated Tue, 12 Sep 2023 17:47:28 +0000 with message-id <e1qg7u0-00ej2t...@fasolo.debian.org> and subject line Bug#1051563: fixed in mutt 2.0.5-4.1+deb11u3 has caused the Debian Bug report #1051563, regarding mutt: CVE-2023-4874 CVE-2023-4875 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1051563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051563 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: mutt Version: 2.2.9-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerabilities were published for mutt. CVE-2023-4874[0]: | Null pointer dereference when viewing a specially crafted email in | Mutt >1.5.2 <2.2.12 CVE-2023-4875[1]: | Null pointer dereference when composing from a specially crafted | draft message in Mutt >1.5.2 <2.2.12 Make sure to include all three commits referenced from [2], the last one is technically not part of the two CVEs, but another crash found by upstream. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-4874 https://www.cve.org/CVERecord?id=CVE-2023-4874 [1] https://security-tracker.debian.org/tracker/CVE-2023-4875 https://www.cve.org/CVERecord?id=CVE-2023-4875 [2] http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: mutt Source-Version: 2.0.5-4.1+deb11u3 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of mutt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1051...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated mutt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Sep 2023 13:53:23 +0200 Source: mutt Architecture: source Version: 2.0.5-4.1+deb11u3 Distribution: bullseye-security Urgency: high Maintainer: Mutt maintainers <m...@packages.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 1051563 Changes: mutt (2.0.5-4.1+deb11u3) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix rfc2047 base64 decoding to abort on illegal characters. (CVE-2023-4874, CVE-2023-4875) (Closes: #1051563) * Check for NULL userhdrs. (CVE-2023-4875) (Closes: #1051563) * Fix write_one_header() illegal header check. (CVE-2023-4874) (Closes: #1051563) Checksums-Sha1: 241bdd85de80c5f0bd977f580500505d7ab250ab 2476 mutt_2.0.5-4.1+deb11u3.dsc 5254653d11f03e59d6a733f696076f4cebfa7324 5294710 mutt_2.0.5.orig.tar.gz 0ea5fe0ef496229bea4f2f71cf23fee8372ca4c0 833 mutt_2.0.5.orig.tar.gz.asc f5de9eb973394d041dc87f7548c58cedd1b66c28 109300 mutt_2.0.5-4.1+deb11u3.debian.tar.xz Checksums-Sha256: 778f98df98ce8369b3d6993de836f622bf86ffe2ac1bac30918e72026a97b0e7 2476 mutt_2.0.5-4.1+deb11u3.dsc e21d5aec0d3110f89d390929e56a38794a94f5843120d9ff59b21da78fd0004d 5294710 mutt_2.0.5.orig.tar.gz 9deff041e96664c2871e04eff30c0c77ac35d8a35a515c749bcbf205656c622c 833 mutt_2.0.5.orig.tar.gz.asc 622db451e11dfc415f7846180da19a77ff9c5f70e12cb95fe2019547cfba8a2c 109300 mutt_2.0.5-4.1+deb11u3.debian.tar.xz Files: 5ac3eb203c8ce68de7a457a5f459e0d6 2476 mail optional mutt_2.0.5-4.1+deb11u3.dsc f738a7d1d458d91420fe0759845e4d0a 5294710 mail optional mutt_2.0.5.orig.tar.gz ca23b5285b3b22b1b9ce6541bcec6162 833 mail optional mutt_2.0.5.orig.tar.gz.asc a8c8eb16f095bf30ba9bc560f148853a 109300 mail optional mutt_2.0.5-4.1+deb11u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmT9rvNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E5BwP/1Q4QvzdIvGfjalJKgQbQG0/bgC7P62s ZNKwczlHjLbpQHj+aPXBuB4yKrr6RpEZUeHt6SKZtU07A4P0KrbYpiFx3UjfJjPW wGc4jYqd/YWPPrOcfpFLJXOOkPtbkyB13tl2DNy3M0/9MWc5WOObD0sH2/amtP+X g5g6xmgeIa3TmICiFHeokucWtNSH6wr4a4ebgjqSUI6o747rBuNJc0/FNqVkMbut JPposy9QYal6H5yAlUClMV4cYsHmZVLd8Dc3xSP43FOEtJzROViq1XlZqtcAIm1a 3QwWaxKq7U1k/fgIA+bsBFp35eFJgvY7a1jXjDuAsczk37rbphtPhOgwYlF3dmzr dNK8dLLv7QMBezYpGN7AGhInB2KKLLFa+1mHGCVWEeTh5S9gwmqs9wEQ1NSp/wk9 /du4qAW4erXsuCJshVVU1QkgwJqAlahclNybEDWPvcvAp58VlTYqWa94G8h7PGSh QxTXP4Xw/EyH9QCS0Jm6whbFmjaQCSBGQviSgUEFX9KUOaJYuPRNn8L9YyYxET/j D4EMR5YfsNRScVnU+A1XGRJt+yM9qUkssPIvPR7hVRR8ytfQ12+25qFQCCEeMgBe 4bbZnUHI0tKzbYlar2lHjKZUUMNTfzGbRKdYzI5dPZojIthK8ByzrBhTyhhOPfMU Ulio9NCMNjms =Isbv -----END PGP SIGNATURE-----
--- End Message ---
