Your message dated Tue, 12 Sep 2023 18:47:15 +0000
with message-id <e1qg8pr-00erx2...@fasolo.debian.org>
and subject line Bug#1051563: fixed in mutt 2.2.9-1+deb12u1
has caused the Debian Bug report #1051563,
regarding mutt: CVE-2023-4874 CVE-2023-4875
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mutt
Version: 2.2.9-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for mutt.

CVE-2023-4874[0]:
| Null pointer dereference when viewing a specially crafted email in
| Mutt >1.5.2 <2.2.12


CVE-2023-4875[1]:
| Null pointer dereference when composing from a specially crafted
| draft message in Mutt >1.5.2 <2.2.12

Make sure to include all three commits referenced from [2]; the last
one is technically not part of the two CVEs, but another crash found
by upstream.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4874
    https://www.cve.org/CVERecord?id=CVE-2023-4874
[1] https://security-tracker.debian.org/tracker/CVE-2023-4875
    https://www.cve.org/CVERecord?id=CVE-2023-4875
[2] http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mutt
Source-Version: 2.2.9-1+deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
mutt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated mutt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Sep 2023 12:57:40 +0200
Source: mutt
Architecture: source
Version: 2.2.9-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Mutt maintainers <m...@packages.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1051563
Changes:
 mutt (2.2.9-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix rfc2047 base64 decoding to abort on illegal characters.
     (CVE-2023-4874, CVE-2023-4875) (Closes: #1051563)
   * Check for NULL userhdrs. (CVE-2023-4875) (Closes: #1051563)
   * Fix write_one_header() illegal header check. (CVE-2023-4874)
     (Closes: #1051563)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
