Security update for mutt
This update for mutt fixes the following issues:
- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was
affecting IMAP, SMTP, and POP3 (bsc#1173197).
- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935).
- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was
proceeding with a connection (bsc#1172906, bsc#1172935).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Dr. Werner Fink (WernerFink)
Fixed bugs
bnc#1172906
VUL-0: CVE-2020-14093, CVE-2020-14154: mutt: MITM for IMAP connections + expired certs not properly rejected with GnuTLS
bnc#1172935
VUL-0: CVE-2020-14093: mutt: IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response
bnc#1173197
VUL-0: CVE-2020-14954: mutt: STARTTLS buffering issue allowing MITM of IMAP, SMTP and POP3
