[SECURITY] [DLA 3574-1] mutt security update

2023-09-2017:40:21

lists.debian.org

cve-2023-4874

debian

mutt

denial of service

cve-2023-4875

debian 10 buster

security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

Debian LTS Advisory DLA-3574-1 [email protected]
https://www.debian.org/lts/security/ Santiago Ruano Rincón
September 20, 2023 https://wiki.debian.org/LTS

Package : mutt
Version : 1.10.1-2.1+deb10u7
CVE ID : CVE-2023-4874 CVE-2023-4875
Debian Bug : 1051563

Two NULL pointer dereference flaws were discovered in Mutt, a text-based
mailreader supporting MIME, GPG, PGP and threading, which may result in
denial of service (application crash) when viewing a specially crafted
email or when composing from a specially crafted draft message.

For Debian 10 buster, these problems have been fixed in version
1.10.1-2.1+deb10u7.

We recommend that you upgrade your mutt packages.

For the detailed security status of mutt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mutt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian11arm64mutt< 2.0.5-4.1+deb11u3mutt_2.0.5-4.1+deb11u3_arm64.deb
Debian12armhfmutt< 2.2.9-1+deb12u1mutt_2.2.9-1+deb12u1_armhf.deb
Debian11armelmutt< 2.0.5-4.1+deb11u3mutt_2.0.5-4.1+deb11u3_armel.deb
Debian12s390xmutt-dbgsym< 2.2.9-1+deb12u1mutt-dbgsym_2.2.9-1+deb12u1_s390x.deb
Debian11arm64mutt-dbgsym< 2.0.5-4.1+deb11u3mutt-dbgsym_2.0.5-4.1+deb11u3_arm64.deb
Debian12arm64mutt< 2.2.9-1+deb12u1mutt_2.2.9-1+deb12u1_arm64.deb
Debian12allmutt< 2.2.9-1+deb12u1mutt_2.2.9-1+deb12u1_all.deb
Debian11allmutt< 2.0.5-4.1+deb11u3mutt_2.0.5-4.1+deb11u3_all.deb
Debian12armhfmutt-dbgsym< 2.2.9-1+deb12u1mutt-dbgsym_2.2.9-1+deb12u1_armhf.deb
Debian12mips64elmutt-dbgsym< 2.2.9-1+deb12u1mutt-dbgsym_2.2.9-1+deb12u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	arm64	mutt	< 2.0.5-4.1+deb11u3	mutt_2.0.5-4.1+deb11u3_arm64.deb
Debian	12	armhf	mutt	< 2.2.9-1+deb12u1	mutt_2.2.9-1+deb12u1_armhf.deb
Debian	11	armel	mutt	< 2.0.5-4.1+deb11u3	mutt_2.0.5-4.1+deb11u3_armel.deb
Debian	12	s390x	mutt-dbgsym	< 2.2.9-1+deb12u1	mutt-dbgsym_2.2.9-1+deb12u1_s390x.deb
Debian	11	arm64	mutt-dbgsym	< 2.0.5-4.1+deb11u3	mutt-dbgsym_2.0.5-4.1+deb11u3_arm64.deb
Debian	12	arm64	mutt	< 2.2.9-1+deb12u1	mutt_2.2.9-1+deb12u1_arm64.deb
Debian	12	all	mutt	< 2.2.9-1+deb12u1	mutt_2.2.9-1+deb12u1_all.deb
Debian	11	all	mutt	< 2.0.5-4.1+deb11u3	mutt_2.0.5-4.1+deb11u3_all.deb
Debian	12	armhf	mutt-dbgsym	< 2.2.9-1+deb12u1	mutt-dbgsym_2.2.9-1+deb12u1_armhf.deb
Debian	12	mips64el	mutt-dbgsym	< 2.2.9-1+deb12u1	mutt-dbgsym_2.2.9-1+deb12u1_mips64el.deb