Bug 25909 - mutt new security issue rhbz#1710397
Summary: mutt new security issue rhbz#1710397
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-19 23:34 CET by David Walser
Modified: 2020-01-16 11:14 CET (History)
2 users (show)

See Also:
Source RPM: mutt-1.11.4-1.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 1.12.0


Attachments

Description David Walser 2019-12-19 23:34:13 CET
Fedora has issued an advisory on June 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HFKINLAEILYIEVUIJEZJWTMS2OUJZBUD/

The issue is fixed upstream in 1.12.0.
Comment 1 Lewis Smith 2019-12-20 20:42:05 CET
Assigning to wally as both registered and actual maintainer.

Assignee: bugsquad => jani.valimaa

David Walser 2020-01-14 17:41:05 CET

Status comment: (none) => Fixed upstream in 1.12.0

Jani Välimaa 2020-01-14 18:27:23 CET

See Also: (none) => https://bugzilla.redhat.com/show_bug.cgi?id=1710397

Comment 2 Jani Välimaa 2020-01-14 18:34:57 CET
Added an upstream patch [1] to fix the issue. Please test mutt-1.11.4-1.1.mga7 from core/updates_testing.

[1] https://gitlab.com/muttmua/mutt/commit/3b6f6b829718ec8a7cf3eb6997d86e83e6c38567

Assignee: jani.valimaa => qa-bugs
See Also: (none) => http://bugs.debian.org/929017

Comment 3 Jani Välimaa 2020-01-14 18:36:19 CET
SRPMS:
mutt-1.11.4-1.1.mga7

RPMS:
mutt-1.11.4-1.1.mga7
mutt-doc-1.11.4-1.1.mga7

CC: (none) => jani.valimaa

Comment 4 David Walser 2020-01-14 18:40:40 CET
Advisory:
========================

Updated mutt packages fix security vulnerability:

Invalid format of RFC parameter passed to atoi() function in rfc2231.c could
lead to unexpected behavior (rhbz#1710397, bdo#929017).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1710397
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929017
Comment 5 Herman Viaene 2020-01-16 11:14:17 CET
MGA7-64 Plasma on Lenovo B50
No installation issues.
Found some info on the use of mutt at https://www.thegeekdiary.com/how-to-install-and-configure-mutt-in-centos-rhel/
Tried to use mutt to send an e-mail from my hotmail account to my gmail account, but got into trouble defining the smtp parameters
MS seems to do something strange for "direct mail"
Swapped around, sending from gmail to hotmail gets me a bt further but still I run into a problem I cannot solve right now:
$ echo "" | mutt -s "testmutt" -i body.txt  herman.viaene@hotmail.be
Verbinding met smtp.gmail.com beëindigd (Connection closed)
SMTP-sessie is mislukt: leesfout (smptp session failed: read error)
Bericht kon niet verstuurd worden. (message could not be sent)
The file body.txt used in the command just contains one line of plain text.

CC: (none) => herman.viaene


Note You need to log in before you can comment on or make changes to this bug.