[Buildroot] [PATCH 1/1] package/mutt: security bump to version 2.0.7

Peter Korsgaard peter at korsgaard.com
Mon Jun 7 21:34:19 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2021-32055: Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt
 > 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which
 > imap/util.c has an out-of-bounds read in situations where an IMAP
 > sequence set ends with a comma. NOTE: the $imap_qresync setting for
 > QRESYNC is not enabled by default.

 > https://gitlab.com/muttmua/mutt/-/blob/mutt-2-0-7-rel/ChangeLog

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

For 2021.02.x I have instead backported the upstream patch to fix the
issue for our 1.14.7 version.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list