Opened 8 months ago
Closed 8 months ago
#18528 closed enhancement (fixed)
mutt-2.2.12
| Reported by: | Bruce Dubbs | Owned by: | |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (5)
comment:1 by , 8 months ago
| Priority: | normal → elevated |
|---|
comment:2 by , 8 months ago
Hello Mutt Users,
I've just released version 2.2.12. Instructions for downloading are available at <http://www.mutt.org/download.html>, or the tarball can be directly downloaded from <http://ftp.mutt.org/pub/mutt/>. Please take the time to verify the signature file against my public key[1].
This is a bug-fix release, fixing two crash issues. One is possible by viewing a crafted message header, so upgrading is strongly recommended.
Vendors, please backport these commits if possible:
- <https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch>
- <https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch>
- <https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch>
A special thanks to Chenyuan Mi (@morningbread) for discovering the message composition crashes, giving a working example draft message, and providing the stack traces for the NULL deferences.
comment:3 by , 8 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 8 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Security Advisory SA-12.0-002 created.
Contains a security fix in it that is exploitable via mail headers.