On Tue, Mar 22, 2011 at 12:57:17PM +1100, david b wrote: > Package: mutt > Version: 1.5.20-9+squeeze1 > Severity: grave > Tags: security > Justification: user security hole > > The gnutls implementation of ssl found in mutt, in mutt_ssl_gnutls.c, appears > to not validate > the common name of a remote server correctly. The openssl implementation > found in mutt_ssl.c > does perform this check correctly. > Can the mutt package be re-build against openssl and not gnutls. > > This bug is reported upstream at http://dev.mutt.org/trac/ticket/3506.
Is there a CVE for this? Cheers Antonio -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
