Описание
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mutt | fixed | 1.14.3-1 | package | |
| mutt | fixed | 1.10.1-2.1+deb10u1 | buster | package |
| neomutt | fixed | 20200619+dfsg.1-1 | package |
Примечания
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
https://gitlab.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95
https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
Negligible security impact
Связанные уязвимости
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Уязвимость почтового клиента Mutt, связанная с неправильным подтверждением подлинности сертификата, позволяющая нарушителю выполнить атаку типа «человек посередине»