Source: neomutt
Version: 20180622+dfsg.1-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for neomutt.

CVE-2018-14349[0]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/command.c mishandles a NO response without a message.

CVE-2018-14350[1]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/message.c has a stack-based buffer overflow for a
| FETCH response with a long INTERNALDATE field.

CVE-2018-14351[2]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/command.c mishandles a long IMAP status mailbox
| literal count size.

CVE-2018-14352[3]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap_quote_string in imap/util.c does not leave room for
| quote characters, leading to a stack-based buffer overflow.

CVE-2018-14353[4]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

CVE-2018-14354[5]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. They allow remote IMAP servers to execute arbitrary
| commands via backquote characters, related to the mailboxes command
| associated with a manual subscription or unsubscription.

CVE-2018-14355[6]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/util.c mishandles ".." directory traversal in a
| mailbox name.

CVE-2018-14356[7]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. pop.c mishandles a zero-length UID.

CVE-2018-14357[8]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. They allow remote IMAP servers to execute arbitrary
| commands via backquote characters, related to the mailboxes command
| associated with an automatic subscription.

CVE-2018-14358[9]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/message.c has a stack-based buffer overflow for a
| FETCH response with a long RFC822.SIZE field.

CVE-2018-14359[10]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. They have a buffer overflow via base64 data.

CVE-2018-14360[11]:
| An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in
| newsrc.c has a stack-based buffer overflow because of incorrect sscanf
| usage.

CVE-2018-14361[12]:
| An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds
| even if memory allocation fails for messages data.

CVE-2018-14362[13]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. pop.c does not forbid characters that may have unsafe
| interaction with message-cache pathnames, as demonstrated by a '/'
| character.

CVE-2018-14363[14]:
| An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not
| properly restrict '/' characters that may have unsafe interaction with
| cache pathnames.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Just updating to a version containing all the fixes might be the more
straightforward option.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14349
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349
[1] https://security-tracker.debian.org/tracker/CVE-2018-14350
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350
[2] https://security-tracker.debian.org/tracker/CVE-2018-14351
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351
[3] https://security-tracker.debian.org/tracker/CVE-2018-14352
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352
[4] https://security-tracker.debian.org/tracker/CVE-2018-14353
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353
[5] https://security-tracker.debian.org/tracker/CVE-2018-14354
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354
[6] https://security-tracker.debian.org/tracker/CVE-2018-14355
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355
[7] https://security-tracker.debian.org/tracker/CVE-2018-14356
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356
[8] https://security-tracker.debian.org/tracker/CVE-2018-14357
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357
[9] https://security-tracker.debian.org/tracker/CVE-2018-14358
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358
[10] https://security-tracker.debian.org/tracker/CVE-2018-14359
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359
[11] https://security-tracker.debian.org/tracker/CVE-2018-14360
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360
[12] https://security-tracker.debian.org/tracker/CVE-2018-14361
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361
[13] https://security-tracker.debian.org/tracker/CVE-2018-14362
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362
[14] https://security-tracker.debian.org/tracker/CVE-2018-14363
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363

Regards,
Salvatore

