On Tue, Mar 22, 2011 at 12:57:17 +1100, david b wrote:

> Package: mutt
> Version: 1.5.20-9+squeeze1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The gnutls implementation of ssl found in mutt, in mutt_ssl_gnutls.c, appears
> to not validate the common name of a remote server correctly. The openssl
> implementation found in mutt_ssl.c does perform this check correctly.
> Can the mutt package be rebuilt against openssl and not gnutls?
>

No, it can't. As far as I can tell mutt's license is GPL2+, which is incompatible with openssl.

Cheers,
Julien