Format: 1.8
Date: Fri, 27 Jul 2018 22:20:50 -0400
Source: mutt
Binary: mutt mutt-patched mutt-dbg
Architecture: source
Version: 1.5.23-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Antonio Radici <antonio@dyne.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 mutt - text-based mailreader supporting MIME, GPG, PGP and threading
 mutt-dbg - debugging symbols for mutt
 mutt-patched - Mutt Mail User Agent with extra patches
Closes: 904051
Changes:
 mutt (1.5.23-3+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team. (Closes: 904051)
   * Fix arbitrary command execution by remote IMAP servers via backquote
     characters, related to the mailboxes command associated with a manual
     subscription or unsubscription (CVE-2018-14354)
   * Fix arbitrary command execution by remote IMAP servers via backquote
     characters, related to the mailboxes command associated with an
     automatic subscription (CVE-2018-14357)
   * Fix a stack-based buffer overflow caused by imap_quote_string() not
     leaving room for quote characters (CVE-2018-14352)
   * Fix an integer underflow in imap_quote_string() (CVE-2018-14353)
   * Fix mishandling of zero-length UID in pop.c (CVE-2018-14356)
   * Fix unsafe interaction between message-cache pathnames and certain
     characters in pop.c (CVE-2018-14362)
   * Fix mishandling of ".." directory traversal in IMAP mailbox name
     (CVE-2018-14355)
   * Fix a stack-based buffer overflow for an IMAP FETCH response with a
     long INTERNALDATE field (CVE-2018-14350)
   * Fix a stack-based buffer overflow for an IMAP FETCH response with a
     long RFC822.SIZE field (CVE-2018-14358)
   * Fix mishandling of an IMAP NO response without a message
     (CVE-2018-14349)
   * Fix mishandling of long IMAP status mailbox literal count size
     (CVE-2018-14351)
   * Fix a buffer overflow via base64 data (CVE-2018-14359)
   * Fix a stack-based buffer overflow because of incorrect sscanf usage
     (CVE-2018-14360)
   * Fix a defect where processing continues if memory allocation fails
     for NNTP messages (CVE-2018-14361)
   * Fix unsafe interaction between message-cache pathnames and certain
     characters in newsrc.c (CVE-2018-14363)
Checksums-Sha1:
 7993890724fb77d67a17971257ad0c268e463d34 2249 mutt_1.5.23-3+deb8u1.dsc
 8ac821d8b1e25504a31bf5fda9c08d93a4acc862 3782032 mutt_1.5.23.orig.tar.gz
 9c14dec005fb18a3ef10010bd2506cdbce24a0cb 134360 mutt_1.5.23-3+deb8u1.debian.tar.xz
Checksums-Sha256:
 3db7ab1db6f54932d41a8307de010354faabc660a746f413d42e96f4c06637f4 2249 mutt_1.5.23-3+deb8u1.dsc
 3af0701e57b9e1880ed3a0dee34498a228939e854a16cdccd24e5e502626fd37 3782032 mutt_1.5.23.orig.tar.gz
 005bd978a4493092b5541c06fd11263f6fbca0f4333842672f14155ad1527f4c 134360 mutt_1.5.23-3+deb8u1.debian.tar.xz
Files:
 9f3d92587267c68d79a463ea392457cf 2249 mail standard mutt_1.5.23-3+deb8u1.dsc
 11f5b6a3eeba1afa1257fe93c9f26bff 3782032 mail standard mutt_1.5.23.orig.tar.gz
 97ad82ce1f2b7c3b7f7a0893efadd101 134360 mail standard mutt_1.5.23-3+deb8u1.debian.tar.xz