Debian Bug report logs -
#904021
neomutt: CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 18 Jul 2018 12:12:01 UTC
Severity: grave
Tags: security, upstream
Found in version neomutt/20180622+dfsg.1-1
Fixed in version neomutt/20180716+dfsg.1-1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Mutt maintainers <neomutt@packages.debian.org>
:
Bug#904021
; Package src:neomutt
.
(Wed, 18 Jul 2018 12:12:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Mutt maintainers <neomutt@packages.debian.org>
.
(Wed, 18 Jul 2018 12:12:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: neomutt
Version: 20180622+dfsg.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for neomutt.
CVE-2018-14349[0]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/command.c mishandles a NO response without a message.
CVE-2018-14350[1]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/message.c has a stack-based buffer overflow for a
| FETCH response with a long INTERNALDATE field.
CVE-2018-14351[2]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/command.c mishandles a long IMAP status mailbox
| literal count size.
CVE-2018-14352[3]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap_quote_string in imap/util.c does not leave room for
| quote characters, leading to a stack-based buffer overflow.
CVE-2018-14353[4]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
CVE-2018-14354[5]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. They allow remote IMAP servers to execute arbitrary
| commands via backquote characters, related to the mailboxes command
| associated with a manual subscription or unsubscription.
CVE-2018-14355[6]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/util.c mishandles ".." directory traversal in a
| mailbox name.
CVE-2018-14356[7]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. pop.c mishandles a zero-length UID.
CVE-2018-14357[8]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. They allow remote IMAP servers to execute arbitrary
| commands via backquote characters, related to the mailboxes command
| associated with an automatic subscription.
CVE-2018-14358[9]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. imap/message.c has a stack-based buffer overflow for a
| FETCH response with a long RFC822.SIZE field.
CVE-2018-14359[10]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. They have a buffer overflow via base64 data.
CVE-2018-14360[11]:
| An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in
| newsrc.c has a stack-based buffer overflow because of incorrect sscanf
| usage.
CVE-2018-14361[12]:
| An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds
| even if memory allocation fails for messages data.
CVE-2018-14362[13]:
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before
| 2018-07-16. pop.c does not forbid characters that may have unsafe
| interaction with message-cache pathnames, as demonstrated by a '/'
| character.
CVE-2018-14363[14]:
| An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not
| properly restrict '/' characters that may have unsafe interaction with
| cache pathnames.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
Just updating to version containg all the fixes might be the more
straingforwardest option.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349
[1] https://security-tracker.debian.org/tracker/CVE-2018-14350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350
[2] https://security-tracker.debian.org/tracker/CVE-2018-14351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351
[3] https://security-tracker.debian.org/tracker/CVE-2018-14352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352
[4] https://security-tracker.debian.org/tracker/CVE-2018-14353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353
[5] https://security-tracker.debian.org/tracker/CVE-2018-14354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354
[6] https://security-tracker.debian.org/tracker/CVE-2018-14355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355
[7] https://security-tracker.debian.org/tracker/CVE-2018-14356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356
[8] https://security-tracker.debian.org/tracker/CVE-2018-14357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357
[9] https://security-tracker.debian.org/tracker/CVE-2018-14358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358
[10] https://security-tracker.debian.org/tracker/CVE-2018-14359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359
[11] https://security-tracker.debian.org/tracker/CVE-2018-14360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360
[12] https://security-tracker.debian.org/tracker/CVE-2018-14361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361
[13] https://security-tracker.debian.org/tracker/CVE-2018-14362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362
[14] https://security-tracker.debian.org/tracker/CVE-2018-14363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363
Regards,
Salvatore
Marked as fixed in versions neomutt/20180716+dfsg.1-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Thu, 19 Jul 2018 04:33:04 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Thu, 19 Jul 2018 04:33:04 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Thu, 19 Jul 2018 04:33:05 GMT) (full text, mbox, link).
Message sent on
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug#904021.
(Thu, 19 Jul 2018 04:33:06 GMT) (full text, mbox, link).
Message #14 received at 904021-submitter@bugs.debian.org (full text, mbox, reply):
close 904051 1.10.1-1
close 904021 20180716+dfsg.1-1
thanks
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 21 Aug 2018 07:27:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:00:00 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.