Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2270
mutt security update
11 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mutt
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-1328
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/05/msg00010.html
Comment: CVSS (Max): 5.3 CVE-2022-1328 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2999-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
May 11, 2022 https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------
Package : mutt
Version : 1.7.2-1+deb9u6
CVE ID : CVE-2022-1328
Debian Bug : 1009734
It was discovered that Mutt, a text-based mailreader supporting MIME,
GPG, PGP and threading, incorrectly handled certain input. An attacker
could possibly use this issue to cause a crash, or expose sensitive
information.
For Debian 9 stretch, this problem has been fixed in version
1.7.2-1+deb9u6.
We recommend that you upgrade your mutt packages.
For the detailed security status of mutt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mutt
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmJ63BMACgkQgj6WdgbD
S5ZXkw//WJqpSwrZXGMwM9vs6ic9OKqtCJiifbvPmyWEBICzKTpPnn3MVtlaKqSQ
1hHkPpLYdi6Z9a+DnUNau7MjmhMC8J1b8kbYaJUvIttNezytDC1nwCXYzLAxH27P
g8uLGPT6TxAxpUI/l76QCu8Bu/Bkobk9+pw+M0nXpwL3wd75z3pCX9H11oLHxsyf
6RbY1rjYVvW/Zqky7T4WFTm0R1trXizYHgzdRLRBund1rt9sbJjLvk1JLju/0iM8
usjYIywb8iMVfTMaVYqBGqmPo3ClsMhFJwLda9Z/b+Yrhn9VASDxWQjec+P0anys
VQdT6CBKS9wtK/3mmaiulrF4k0mdbVGntLO4F8qg6Q8Dxn5Wqzd62Gsy4WxDDwnt
UQAkZEo031l5fS1ogDor4J5UjcXXrpEJTGdC1oRM6bctp6QZPLkwQ12gcDeL5fLA
MZVWfIJ4lj4vsJ8a6w2tCBaWI/A8BJsyMpw+Uu+J9dYlwRMOhVbv9Y39IKg6LFit
cp9AE5mI8zi7TccfOg25/u1LBoIQSVT/WODDbzJKnT/hKxad2yUGEeeGML2hx2RW
mf6J1QREChVM2yfbnN+wTcuU+Qn8qyeNnbli0tjyXHQHUhL1ikYeKnImCnMtiTc7
NWcscBnErpoc/bVmxhLA6VmZlYa7zi6NeO632leWlZLP3ZLFTkY=
=72K5
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYnsIOeNLKJtyKPYoAQgg0Q/+P9jOlve3z6l+a0tkfWGq8D85MvxN9Nhn
DCE2x/LH8scRd6eB6t8haUjIzEIY3ftXA6e3mJokdjiJiBpIt16kd3i9Yf5hvGcs
jON7kfk2fE1lskRMstJSvDRt55rPNTBcViOIjXnMaUcD0Vnqjgn6KFUbDlw0ZCXs
urPK8j5hq5UPodoan6tAbqH/wkElgmv4BQAhbT5e7tiGaC67/zCO2Dqne88TlZXa
Q+hu84z1iSJ53jUup1zIRazezMPsFUhfnYljDBFc8UUwNSycjSxHHxMmUclMM0gi
ZLvf67wWrlpwJlt2/RDWflj0Kt5W3VzZPwMF8zYUlLAArsJFO8DRjEor9aBqAueu
/ERjtRNgqE/PZAMq6ULTtdown4EJ17SWIXWyVp34WWhD1ld9mamfFApTMKRkbez9
mfJHl9WQtyKXrEbzSX40tBK2kMkYQ9iiqlgOfDNfWv3hu0jHGK45UvbM0XR8sIoP
Wrp/2yt7dYx9lG1lVWzLC3Xti3h3a12uXoaZ2TOrWXgJnaiAqVYmx8eCe78/SpHf
uqYsGA9XFodu4Au/G1gdFDsAxOeoU4ergiU2O23V42gftWsnl1vQe5EYTkUentKB
MskIkMsbWtaB5TS9LvytIb7g/sdaO/HJnJljXfmE7oOIk4oqHY/5USiuR98fgHIF
JB4FJ0afGSM=
=piVZ
-----END PGP SIGNATURE-----