Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2270 mutt security update 11 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mutt Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-1328 Original Bulletin: https://lists.debian.org/debian-lts-announce/2022/05/msg00010.html Comment: CVSS (Max): 5.3 CVE-2022-1328 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2999-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta May 11, 2022 https://wiki.debian.org/LTS - - ----------------------------------------------------------------------- Package : mutt Version : 1.7.2-1+deb9u6 CVE ID : CVE-2022-1328 Debian Bug : 1009734 It was discovered that Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, incorrectly handled certain input. An attacker could possibly use this issue to cause a crash, or expose sensitive information. For Debian 9 stretch, this problem has been fixed in version 1.7.2-1+deb9u6. We recommend that you upgrade your mutt packages. For the detailed security status of mutt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mutt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmJ63BMACgkQgj6WdgbD S5ZXkw//WJqpSwrZXGMwM9vs6ic9OKqtCJiifbvPmyWEBICzKTpPnn3MVtlaKqSQ 1hHkPpLYdi6Z9a+DnUNau7MjmhMC8J1b8kbYaJUvIttNezytDC1nwCXYzLAxH27P g8uLGPT6TxAxpUI/l76QCu8Bu/Bkobk9+pw+M0nXpwL3wd75z3pCX9H11oLHxsyf 6RbY1rjYVvW/Zqky7T4WFTm0R1trXizYHgzdRLRBund1rt9sbJjLvk1JLju/0iM8 usjYIywb8iMVfTMaVYqBGqmPo3ClsMhFJwLda9Z/b+Yrhn9VASDxWQjec+P0anys VQdT6CBKS9wtK/3mmaiulrF4k0mdbVGntLO4F8qg6Q8Dxn5Wqzd62Gsy4WxDDwnt UQAkZEo031l5fS1ogDor4J5UjcXXrpEJTGdC1oRM6bctp6QZPLkwQ12gcDeL5fLA MZVWfIJ4lj4vsJ8a6w2tCBaWI/A8BJsyMpw+Uu+J9dYlwRMOhVbv9Y39IKg6LFit cp9AE5mI8zi7TccfOg25/u1LBoIQSVT/WODDbzJKnT/hKxad2yUGEeeGML2hx2RW mf6J1QREChVM2yfbnN+wTcuU+Qn8qyeNnbli0tjyXHQHUhL1ikYeKnImCnMtiTc7 NWcscBnErpoc/bVmxhLA6VmZlYa7zi6NeO632leWlZLP3ZLFTkY= =72K5 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYnsIOeNLKJtyKPYoAQgg0Q/+P9jOlve3z6l+a0tkfWGq8D85MvxN9Nhn DCE2x/LH8scRd6eB6t8haUjIzEIY3ftXA6e3mJokdjiJiBpIt16kd3i9Yf5hvGcs jON7kfk2fE1lskRMstJSvDRt55rPNTBcViOIjXnMaUcD0Vnqjgn6KFUbDlw0ZCXs urPK8j5hq5UPodoan6tAbqH/wkElgmv4BQAhbT5e7tiGaC67/zCO2Dqne88TlZXa Q+hu84z1iSJ53jUup1zIRazezMPsFUhfnYljDBFc8UUwNSycjSxHHxMmUclMM0gi ZLvf67wWrlpwJlt2/RDWflj0Kt5W3VzZPwMF8zYUlLAArsJFO8DRjEor9aBqAueu /ERjtRNgqE/PZAMq6ULTtdown4EJ17SWIXWyVp34WWhD1ld9mamfFApTMKRkbez9 mfJHl9WQtyKXrEbzSX40tBK2kMkYQ9iiqlgOfDNfWv3hu0jHGK45UvbM0XR8sIoP Wrp/2yt7dYx9lG1lVWzLC3Xti3h3a12uXoaZ2TOrWXgJnaiAqVYmx8eCe78/SpHf uqYsGA9XFodu4Au/G1gdFDsAxOeoU4ergiU2O23V42gftWsnl1vQe5EYTkUentKB MskIkMsbWtaB5TS9LvytIb7g/sdaO/HJnJljXfmE7oOIk4oqHY/5USiuR98fgHIF JB4FJ0afGSM= =piVZ -----END PGP SIGNATURE-----