On Mon, Jun 15, 2020 at 06:38:44PM +0200, Salvatore Bonaccorso wrote: > Source: mutt > Version: 1.14.0-1 > Severity: important > Tags: security upstream > > Hi, > > The following vulnerability was published for mutt. > > CVE-2020-14093[0]: > | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle > | attack via a PREAUTH response. > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2020-14093 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093 > [1] > https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 > > Please adjust the affected versions in the BTS as needed.
The updated package will be uploaded between today and tomorrow
