A denial of service issue due to memory leak has been fixed upstream in mutt: https://www.openwall.com/lists/oss-security/2021/01/17/2 The commit that fixed the issue is linked from the message above. Mageia 7 may also be affected (and maybe neomutt?).
fixed on mga8. Valid on mga7 src: mutt-1.11.4-1.5.mga7
CC: (none) => mageiaAssignee: jani.valimaa => qa-bugsVersion: Cauldron => 7
Nicolas, did you check neomutt? (also, the package is unmaintained for mga7) As for mutt: mutt-1.11.4-1.5.mga7 mutt-doc-1.11.4-1.5.mga7 from mutt-1.11.4-1.5.mga7.src.rpm
CVE-2021-3181 has been assigned for this: https://www.openwall.com/lists/oss-security/2021/01/19/10
Summary: mutt new denial of service security issue => mutt new denial of service security issue (CVE-2021-3181)
Debian-LTS has issued an advisory for this today (January 21): https://www.debian.org/lts/security/2021/dla-2529
Ubuntu has issued an advisory for this today (January 25): https://ubuntu.com/security/notices/USN-4703-1
Status comment: (none) => mutt patched, need to check if neomutt is affectedSeverity: normal => major
CVE: (none) => CVE-2021-3181Source RPM: mutt-2.0.4-1.mga8.src.rpm => mutt-1.11.4-1.4.mga7.src.rpmCC: (none) => ouaurelien
MGA7 64 Plasma + Postfix mail server to serve root mail. No installation issues with QA Repo Look previous BR, and see the advice from Mike in bug 25909 and run # mutt -f /var/spool/mail/root 13 kept, 0 deleted. See all MSEC reports. Looks OK for me. Validating. Advisory pushed to SVN. Not sure: Neomutt is not patched? (not in updates_testing).
Keywords: (none) => advisoryWhiteboard: (none) => MGA7-64-OK
Blocks: (none) => 28296
Keywords: (none) => validated_updateStatus comment: mutt patched, need to check if neomutt is affected => (none)CC: (none) => sysadmin-bugsSee Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=28296
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0070.html
Status: NEW => RESOLVEDResolution: (none) => FIXED