Overview

File _patchinfo of Package patchinfo.12985

<patchinfo incident="12985">
  <issue tracker="bnc" id="1172906">VUL-0: CVE-2020-14093, CVE-2020-14154: mutt: MITM for IMAP connections + expired certs not properly rejected with GnuTLS</issue>
  <issue tracker="bnc" id="1172935">VUL-0: CVE-2020-14093: mutt: IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response</issue>
  <issue tracker="bnc" id="1173197">VUL-0: CVE-2020-14954: mutt: STARTTLS buffering issue allowing MITM of IMAP, SMTP and POP3</issue>
  <issue tracker="cve" id="2020-14954"/>
  <issue tracker="cve" id="2020-14093"/>
  <issue tracker="cve" id="2020-14154"/>
  <packager>WernerFink</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for mutt</summary>
  <description>This update for mutt fixes the following issues:

- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was 
  affecting IMAP, SMTP, and POP3 (bsc#1173197).
- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935).
- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was 
  proceeding with a connection (bsc#1172906, bsc#1172935). 

This update was imported from the SUSE:SLE-15:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places