Bug 27809

Summary: neomutt security issue CVE-2020-14954
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-14954
Whiteboard:
Source RPM: neomutt-20180716-0.4.mga7.src CVE:
Status comment:

Description Zombie Ryushu 2020-12-13 02:58:30 CET
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Comment 1 David Walser 2020-12-13 04:44:21 CET
Already reported.  Use the search feature!!!

*** This bug has been marked as a duplicate of bug 27232 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE