-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2529-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta January 21, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : mutt Version : 1.7.2-1+deb9u5 CVE ID : CVE-2021-3181 Debian Bug : 980326 rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. For Debian 9 stretch, this problem has been fixed in version 1.7.2-1+deb9u5. We recommend that you upgrade your mutt packages. For the detailed security status of mutt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mutt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmAIjx0ACgkQgj6WdgbD S5bk0A/+JMLuHGnyWqpA+QYC4uNYvZKCUvA8YjV8fp/CJ6Jpekxa7LJ32VsazQcM D/8tOQibVZ+iHaxuGBgQ3Zd9Ar9b+VUkQYJtkESpho6I0r/Se1G9pfbRb94IjdiT w3KSL3wycHPH02379fe1Mf7UVZJHmF161F6SRGP8oQwFn44nY9cRwhFzqgIHcbb0 BxCYGkMsxT/jQq9MC7x5TZBZBzOw9racTYstKafUS7UxwTo/k+gzuDZH6nCjzohN ux+24HPDhdmzx0DtJZ7TsHEyXgHeF/2+rLSTg3Q7FCna+x0EXNes46UHJq89tgUi UYRD5VuhfKbTSw3vf84kqGQs9VBbfaEwpHoRqqdLgyMwIlG3jbIy+mIZgq/p0DBn E0sWVQIyr0DCtAlJ1YT2Z0cT7ox6Gn2aIQrE2IIPPxA2xw2mjdfHzK+q4bwocY3U zLvyxT1us2IU8fOZuSL1WS/rIIKN0sAXtwj2SCAEbN10o6XuXZdVJmdjxKWzCsog xj5YWAd8aD01Kw7xypuxVsf2FlujHFXGM1zFBMxy4kEYt46EiIl6ZfSNApOiuo/5 RZpqQTdOsbd2EhX4HybPj7iLun9CQlDZUFU7j4xPao9z0JWDUK35csGNrQlH5SDb cl1H6k7/zQNKfIN4mDQPrKnzroetqzyDmJJyxNMIgs50hX9mOqo= =lmGl -----END PGP SIGNATURE-----