#13687 closed enhancement (fixed)
mutt-1.14.4
| Reported by: | Bruce Dubbs | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 10.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Note:
See TracTickets
for help on using tickets.
Hello Mutt Users,
I've just released version 1.14.4. Instructions for downloading are available at <http://www.mutt.org/download.html>, or the tarball can be directly downloaded from <http://ftp.mutt.org/pub/mutt/>. Please take the time to verify the signature file against my public key.
This is an important security release fixing a possible machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP. (For packagers, I've requested a CVE and will update the website when I have the number).
Thanks again to Damian Poddebniak and Fabian Ising from the Münster University of Applied Sciences for reporting this issue, including providing exhaustive tests.
-Kevin