Hello Mutt Users,
I've just released version 1.14.4. Instructions for downloading are available at <http://www.mutt.org/download.html>, or the tarball can be directly downloaded from <http://ftp.mutt.org/pub/mutt/>. Please take the time to verify the signature file against my public key.
This is an important security release fixing a possible machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP. (For packagers, I've requested a CVE and will update the website when I have the number).
Thanks again to Damian Poddebniak and Fabian Ising from the Münster University of Applied Sciences for reporting this issue, including providing exhaustive tests.
-Kevin