-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Sep 2023 12:57:40 +0200 Source: mutt Architecture: source Version: 2.2.9-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Mutt maintainers <mutt@packages.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1051563 Changes: mutt (2.2.9-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix rfc2047 base64 decoding to abort on illegal characters. (CVE-2023-4874, CVE-2023-4875) (Closes: #1051563) * Check for NULL userhdrs. (CVE-2023-4875) (Closes: #1051563) * Fix write_one_header() illegal header check. (CVE-2023-4874) (Closes: #1051563) Checksums-Sha1: 05ac33a23ef842199c82d6c8de58534535ab6cfa 2465 mutt_2.2.9-1+deb12u1.dsc 88e057097697441b96acec5882887c057ab93a98 5526236 mutt_2.2.9.orig.tar.gz 3af2bdbf259fdda4557d57229ef19ae2125c1fcc 833 mutt_2.2.9.orig.tar.gz.asc 7e91aa2fb3df0017accec7e7f7cf56708298e490 63120 mutt_2.2.9-1+deb12u1.debian.tar.xz Checksums-Sha256: 5e76b0c44c2c304761288746fcc904a7de76fdf34e2402bf3211d7508bdc813c 2465 mutt_2.2.9-1+deb12u1.dsc fa531b231d58fe1f30ceda0ed626683ea9ebdfb76ce47ef8bb27c2f77422cffb 5526236 mutt_2.2.9.orig.tar.gz e35e9ea2f128976037c8e6f9ae7c57ba0b1520981b45d3bc9ab07eb42cf11de2 833 mutt_2.2.9.orig.tar.gz.asc 0cd540b84ab7c52ba3b06983994efd2f29d3def0cc1d1c33cb53b788095f1392 63120 mutt_2.2.9-1+deb12u1.debian.tar.xz Files: a3e6d529803433f896400326430da2f0 2465 mail optional mutt_2.2.9-1+deb12u1.dsc 14cbaec4cc88ad8147fbe6df8a2d48fd 5526236 mail optional mutt_2.2.9.orig.tar.gz 00aad8b2a4da8e02734cb6a3d9ebab0e 833 mail optional mutt_2.2.9.orig.tar.gz.asc 1e7bb46fd33f5d9cea7b780aa3b9d76a 63120 mail optional mutt_2.2.9-1+deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmT9ofdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EuIgP/2jvydn4UUbPdviuUEzJT8by33FmS8of O+fCLV7BF2DGFc0htmMF7GOWYVjbDB/EHsabDzHsnphtQE7c61F8jF7ULbgQHRab OTMeD8x+uKZPS5v7+66lwAuHGOYHjaNnUh4rbkuoBgK6+pb3HsJsJT03AVZwd0z9 +JNkZhm3MXkQyFhzAgKbamq33zyuyA3DmuW2FAANg1ER0iQjnO/IviOAmO6TZZvI +/S+aMy6po5IvrYN0gIXbgJPX7Ig0H/hvrKyodwdWWPyvoNc9wwnMoRLl4flB5vU BiDbOHe1kfPYp8mIjZYPwgJ1NwmdhK8HYbFUFzn3FM1LO/XwSGFo2zo4XZLYvdJm 1KAjcbj0Ng+iHmcBTt2EytxmgvgPkh/edCKn3u0DhpLsJ+tIFQdoaqo7F4rg8uYk +ZLpRCP2AoxK1EexPFPFXVHufBohaQW2IQdCVkvAIwJGf57unMCQK+o0yZOGmegR 0A21FiY56tkw3pYadfRIgRENz1bt9ZV+d6AQ8+m+YxaBCaYRWRSFqf045dbvAedQ 5LuTXNC8IoRmY5Y0FyB24I+9xtd7e5/L31rE4DLd9JcPNTLuwWu8hl9NjctswL/K ieA5zPdL/VLeInR69goaMAmV/QAjRs/fS2iQL2KQSL29iHOFNGyodEbapL5X6g9b J2QSMYy0cTgn =8/qe -----END PGP SIGNATURE-----
