[Buildroot] [PATCH 1/1] package/mutt: fix CVE-2020-28896

Peter Korsgaard peter at korsgaard.com
Thu Dec 24 08:34:39 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
 > $ssl_force_tls was processed if an IMAP server's initial server response
 > was invalid. The connection was not properly closed, and the code could
 > continue attempting to authenticate. This could result in authentication
 > credentials being exposed on an unencrypted connection, or to a
 > machine-in-the-middle.

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2020.02.x, 2020.08.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list