Bug#962897: mutt: CVE-2020-14093

[Antonio Radici]

On Mon, Jun 15, 2020 at 06:38:44PM +0200, Salvatore Bonaccorso wrote:
> Source: mutt
> Version: 1.14.0-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> The following vulnerability was published for mutt.
> 
> CVE-2020-14093[0]:
> | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle
> | attack via a PREAUTH response.
> 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2020-14093
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093
> [1] 
> https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
> 
> Please adjust the affected versions in the BTS as needed.

The updated package will be uploaded between today and tomorrow

Bug#962897: mutt: CVE-2020-14093

[Salvatore Bonaccorso]

Source: mutt
Version: 1.14.0-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for mutt.

CVE-2020-14093[0]:
| Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle
| attack via a PREAUTH response.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-14093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093
[1] 
https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore