tags 668583 + patch thanks I've just hit this. The upstream fix works. Attached is a port of it to the current mutt version in Debian. I've tested this. The latest upstream version 1.5.22 has this applied.
Please let me know if you will have time to apply this in the near future, I could sort out an NMU if not.
diff -u mutt-1.5.21/debian/changelog mutt-1.5.21/debian/changelog --- mutt-1.5.21/debian/changelog +++ mutt-1.5.21/debian/changelog @@ -1,3 +1,11 @@ +mutt (1.5.21-6.2+deb7u1.1) unstable; urgency=low + + * Non-maintainer upload. + * Apply upstream patch to avoid a NULL dereference in the GPGME + code. Closes: #668583. + + -- Jonathan Dowland <[email protected]> Sun, 20 Oct 2013 16:46:09 +0100 + mutt (1.5.21-6.2+deb7u1) stable; urgency=low * Non-maintainer upload with maintainer approval. diff -u mutt-1.5.21/debian/patches/series mutt-1.5.21/debian/patches/series --- mutt-1.5.21/debian/patches/series +++ mutt-1.5.21/debian/patches/series @@ -53,6 +53,7 @@ upstream/619216-gnutls-CN-validation.patch upstream/611410-no-implicit_autoview-for-text-html.patch upstream/path_max +upstream/3574-gpgme-segfault.patch misc/579967-fixes-german-translation.patch only in patch2: unchanged: --- mutt-1.5.21.orig/debian/patches/upstream/3574-gpgme-segfault.patch +++ mutt-1.5.21/debian/patches/upstream/3574-gpgme-segfault.patch @@ -0,0 +1,17 @@ +Fix NULL pointer dereference in notation name + +<http://dev.mutt.org/trac/ticket/3574> + +diff -r c26dbc7021f4 crypt-gpgme.c +--- a/crypt-gpgme.c Tue Dec 20 22:24:35 2011 -0800 ++++ b/crypt-gpgme.c Sun Apr 22 22:40:02 2012 +0200 +@@ -72,7 +72,8 @@ + #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) + + #define PKA_NOTATION_NAME "[email protected]" +-#define is_pka_notation(notation) (! strcmp ((notation)->name, \ ++#define is_pka_notation(notation) ((notation)->name && \ ++ ! strcmp ((notation)->name, \ + PKA_NOTATION_NAME)) + + /* Values used for comparing addresses. */
