|Reported by:||Owned by:|
From Kevin J. McCarthy on mutt-announce:
Hi Mutt Users,
I've just released version 1.10.1. Instructions for downloading can be found at <http://www.mutt.org/download.html>. This is a bug fix release, and includes a few important security fixes. I strongly recommend IMAP and POP users upgrade as soon as possible.
This release merits special thanks to a couple security researchers.
Jeriko One discovered a host of vulnerabilities in the IMAP and POP code. His bug reports were detailed, and included demonstration code and suggested fixes.
Marcus Brinkmann discovered an issue with encrypted email spoofing, and reported the issue to GnuPG and Mutt. There is a new option $pgp_check_gpg_decrypt_status_fd to check for this. If you have any issues, please check your configuration against contrib/gpg.rc.
Also, thanks is due to Richard Russon. An unfortunately timed absence left me scrambling to get the fixes in. Richard kindly shared his patches and delayed his release until today, to give me time to prepare the release.