neomutt 20180716 security update (fixes CVE-2018-14349 - CVE-2018-14363)

  • Done
Details
2 participants
  • Efraim Flashner
  • Nils Gillmann
Owner
unassigned
Submitted by
Nils Gillmann
Severity
normal

Nils Gillmann wrote 7 years ago
(address . guix-patches@gnu.org)
20180806092910.4xv3lgbaszjrtibi@abyayala
Hi,

sorry for being late on this important update, life kept me busy.

From the release notes:

> Notes
> This is a small, but intensive, bug-fix release.
> It fixes some important security holes, so upgrading is strongly recommended.
> Some large architectural changes are coming, so the next release may be some months away.
>
> Security
> CVE-2018-14349 - NO Response Heap Overflow
> CVE-2018-14350 - INTERNALDATE Stack Overflow
> CVE-2018-14351 - STATUS Literal Length relative write
> CVE-2018-14352 - imap_quote_string off-by-one stack overflow
> CVE-2018-14353 - imap_quote_string int underflow
> CVE-2018-14354 - imap_subscribe Remote Code Execution
> CVE-2018-14355 - STATUS mailbox header cache directory traversal
> CVE-2018-14356 - POP empty UID NULL deref
> CVE-2018-14357 - LSUB Remote Code Execution
> CVE-2018-14358 - RFC822.SIZE Stack Overflow
> CVE-2018-14359 - base64 decode Stack Overflow
> CVE-2018-14360 - NNTP Group Stack Overflow
> CVE-2018-14361 - NNTP Write 1 where via GROUP response
> CVE-2018-14362 - POP Message Cache Directory Traversal
> CVE-2018-14363 - NNTP Header Cache Directory Traversal
From f710fd747ec39391c67a2b3d38294cdd81146186 Mon Sep 17 00:00:00 2001
From: Nils Gillmann <ng0@n0.is>
Date: Mon, 6 Aug 2018 09:15:35 +0000
Subject: [PATCH] gnu: neomutt: Update to 20180716 [fixes
CVE-2018-{14349,14350,14351,14352,14353,14354,14355,14356,14357,14358,14359,14360,14361,14362,14363}].

* gnu/packages/mail.scm (neomutt): Update to 20180716.

Signed-off-by: Nils Gillmann <ng0@n0.is>
---
gnu/packages/mail.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 67f490d41..2a6a17c80 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -300,7 +300,7 @@ operating systems.")
(define-public neomutt
(package
(name "neomutt")
- (version "20180323")
+ (version "20180716")
(source
(origin
(method url-fetch)
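Review bot: The jump from 20180323 to 20180716 in the `version` field is, together with the hash, the only change to the package definition (2 insertions, 2 deletions), so nothing here shows that the existing inputs and build arguments were checked against the new release. Please confirm that the package still builds and passes its tests with the unchanged definition, and say so in the submission, since this update is what delivers the fixes for CVE-2018-14349 through CVE-2018-14363.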
@@ -308,7 +308,7 @@ operating systems.")
"/archive/" name "-" version ".tar.gz"))
(sha256
(base32
- "12v7zkm809cvjxfz0n7jb4qa410ns1ydyf0gjin99vbdrlj88jac"))))
+ "0072in2d6znwqq461shsaxlf40r4zr7w3j9848qvm4xlh1lq52dx"))))
(build-system gnu-build-system)
(inputs
`(("cyrus-sasl" ,cyrus-sasl)
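Review bot: The new base32 value under `(sha256` is the only thing that pins this package to the release carrying the security fixes, and the source comes through url-fetch from an "/archive/" tarball path built from `name` and `version`. Before applying, recompute the hash from an independently downloaded copy of the 20180716 tarball (guix download prints it) and check that it equals the value on the `+` line, so the fixed-output derivation cannot silently pin a different archive.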
--
2.18.0
Efraim Flashner wrote 7 years ago
(address . 32373-done@debbugs.gnu.org)
20180806101128.GB32130@macbook41
Applied as 46add5615a49c0fbd125296be8a114b04a03412c

--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


Closed