[SECURITY] [DSA 5494-1] mutt security update

2023-09-1018:52:02

lists.debian.org

update

debian

mutt

flaws

dereference

null pointer

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.5%

JSON

Debian Security Advisory DSA-5494-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
September 10, 2023 https://www.debian.org/security/faq

Package : mutt
CVE ID : CVE-2023-4874 CVE-2023-4875
Debian Bug : 1051563

Several NULL pointer dereference flaws were discovered in Mutt, a
text-based mailreader supporting MIME, GPG, PGP and threading, which may
result in denial of service (application crash) when viewing a specially
crafted email or when composing from a specially crafted draft message.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.0.5-4.1+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in
version 2.2.9-1+deb12u1.

We recommend that you upgrade your mutt packages.

For the detailed security status of mutt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/mutt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian12s390xmutt< 2.2.9-1+deb12u1mutt_2.2.9-1+deb12u1_s390x.deb
Debian11amd64mutt< 2.0.5-4.1+deb11u3mutt_2.0.5-4.1+deb11u3_amd64.deb
Debian12mips64elmutt< 2.2.9-1+deb12u1mutt_2.2.9-1+deb12u1_mips64el.deb
Debian12armhfmutt-dbgsym< 2.2.9-1+deb12u1mutt-dbgsym_2.2.9-1+deb12u1_armhf.deb
Debian11allmutt< 2.0.5-4.1+deb11u3mutt_2.0.5-4.1+deb11u3_all.deb
Debian11armhfmutt< 2.0.5-4.1+deb11u3mutt_2.0.5-4.1+deb11u3_armhf.deb
Debian10arm64mutt< 1.10.1-2.1+deb10u7mutt_1.10.1-2.1+deb10u7_arm64.deb
Debian12armelmutt< 2.2.9-1+deb12u1mutt_2.2.9-1+deb12u1_armel.deb
Debian12amd64mutt< 2.2.9-1+deb12u1mutt_2.2.9-1+deb12u1_amd64.deb
Debian11ppc64elmutt-dbgsym< 2.0.5-4.1+deb11u3mutt-dbgsym_2.0.5-4.1+deb11u3_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	s390x	mutt	< 2.2.9-1+deb12u1	mutt_2.2.9-1+deb12u1_s390x.deb
Debian	11	amd64	mutt	< 2.0.5-4.1+deb11u3	mutt_2.0.5-4.1+deb11u3_amd64.deb
Debian	12	mips64el	mutt	< 2.2.9-1+deb12u1	mutt_2.2.9-1+deb12u1_mips64el.deb
Debian	12	armhf	mutt-dbgsym	< 2.2.9-1+deb12u1	mutt-dbgsym_2.2.9-1+deb12u1_armhf.deb
Debian	11	all	mutt	< 2.0.5-4.1+deb11u3	mutt_2.0.5-4.1+deb11u3_all.deb
Debian	11	armhf	mutt	< 2.0.5-4.1+deb11u3	mutt_2.0.5-4.1+deb11u3_armhf.deb
Debian	10	arm64	mutt	< 1.10.1-2.1+deb10u7	mutt_1.10.1-2.1+deb10u7_arm64.deb
Debian	12	armel	mutt	< 2.2.9-1+deb12u1	mutt_2.2.9-1+deb12u1_armel.deb
Debian	12	amd64	mutt	< 2.2.9-1+deb12u1	mutt_2.2.9-1+deb12u1_amd64.deb
Debian	11	ppc64el	mutt-dbgsym	< 2.0.5-4.1+deb11u3	mutt-dbgsym_2.0.5-4.1+deb11u3_ppc64el.deb