[SECURITY] [DLA 2529-1] mutt security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2529-1] mutt security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Thu, 21 Jan 2021 01:46:12 +0530
Message-id: <[🔎] CAPP0f94Gtf7w1cM-BnrfS56a45huZ6oFMJ75CM_0wW_yu4tE+Q@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2529-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 21, 2021                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : mutt
Version        : 1.7.2-1+deb9u5
CVE ID         : CVE-2021-3181
Debian Bug     : 980326

rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending
email messages with sequences of semicolon characters in
RFC822 address fields (aka terminators of empty groups).

A small email message from the attacker can cause large
memory consumption, and the victim may then be unable to
see email messages from other persons.

For Debian 9 stretch, this problem has been fixed in version
1.7.2-1+deb9u5.

We recommend that you upgrade your mutt packages.

For the detailed security status of mutt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mutt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmAIjx0ACgkQgj6WdgbD
S5bk0A/+JMLuHGnyWqpA+QYC4uNYvZKCUvA8YjV8fp/CJ6Jpekxa7LJ32VsazQcM
D/8tOQibVZ+iHaxuGBgQ3Zd9Ar9b+VUkQYJtkESpho6I0r/Se1G9pfbRb94IjdiT
w3KSL3wycHPH02379fe1Mf7UVZJHmF161F6SRGP8oQwFn44nY9cRwhFzqgIHcbb0
BxCYGkMsxT/jQq9MC7x5TZBZBzOw9racTYstKafUS7UxwTo/k+gzuDZH6nCjzohN
ux+24HPDhdmzx0DtJZ7TsHEyXgHeF/2+rLSTg3Q7FCna+x0EXNes46UHJq89tgUi
UYRD5VuhfKbTSw3vf84kqGQs9VBbfaEwpHoRqqdLgyMwIlG3jbIy+mIZgq/p0DBn
E0sWVQIyr0DCtAlJ1YT2Z0cT7ox6Gn2aIQrE2IIPPxA2xw2mjdfHzK+q4bwocY3U
zLvyxT1us2IU8fOZuSL1WS/rIIKN0sAXtwj2SCAEbN10o6XuXZdVJmdjxKWzCsog
xj5YWAd8aD01Kw7xypuxVsf2FlujHFXGM1zFBMxy4kEYt46EiIl6ZfSNApOiuo/5
RZpqQTdOsbd2EhX4HybPj7iLun9CQlDZUFU7j4xPao9z0JWDUK35csGNrQlH5SDb
cl1H6k7/zQNKfIN4mDQPrKnzroetqzyDmJJyxNMIgs50hX9mOqo=
=lmGl
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2528-1] gst-plugins-bad1.0 security update
Next by Date: [SECURITY] [DLA-2530-1] drupal7 security update
Previous by thread: [SECURITY] [DLA 2528-1] gst-plugins-bad1.0 security update
Next by thread: [SECURITY] [DLA-2530-1] drupal7 security update
Index(es):
- Date
- Thread