mutt is vulnerable to arbitrary code execution. The vulnerability exists through an integer underflow in imap_quote_string
of imap/util.c
.
Vendor | Product | Version | CPE |
---|---|---|---|
- | mutt\ | xenial | cpe:2.3:a:-:mutt\:xenial:1.5.24:*:*:*:*:*:*:* |
- | mutt\ | trusty | cpe:2.3:a:-:mutt\:trusty:1.5.21-6.4ubuntu2:*:*:*:*:*:*:* |
- | neomutt\ | buster | cpe:2.3:a:-:neomutt\:buster:20180716+dfsg.1-1+deb10u1:*:*:*:*:*:*:* |
- | neomutt\ | buster | cpe:2.3:a:-:neomutt\:buster:20180716+dfsg.1-1+deb10u2:*:*:*:*:*:*:* |
www.mutt.org/news.html
github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
lists.debian.org/debian-lts-announce/2018/08/msg00001.html
neomutt.org/2018/07/16/release
security.gentoo.org/glsa/201810-07
usn.ubuntu.com/3719-1/
usn.ubuntu.com/3719-3/
www.debian.org/security/2018/dsa-4277