On 22 March 2011 21:23, Julien Cristau <jcris...@debian.org> wrote:
> On Tue, Mar 22, 2011 at 12:57:17 +1100, david b wrote:
>
>> Package: mutt
>> Version: 1.5.20-9+squeeze1
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> The gnutls implementation of ssl found in mutt, in mutt_ssl_gnutls.c,
>> appears to not validate the common name of a remote server correctly.
>> The openssl implementation found in mutt_ssl.c does perform this check
>> correctly.
>> Can the mutt package be re-built against openssl and not gnutls?
>>
> No, it can't. As far as I can tell mutt's license is GPL2+, which is
> incompatible with openssl.

erh? really.... hmm well there is the build option --with-ssl [0].... :/

[0] - http://mutt.sourceforge.net/imap/README.SSL