[SECURITY] [DSA 3083-1] mutt security update

2014-11-3013:47:51

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

9.2

Confidence

High

EPSS

0.015

Percentile

86.8%

JSON

Debian Security Advisory DSA-3083-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
November 30, 2014 http://www.debian.org/security/faq

Package : mutt
CVE ID : CVE-2014-9116
Debian Bug : 771125

A flaw was discovered in mutt, a text-based mailreader. A specially
crafted mail header could cause mutt to crash, leading to a denial of
service condition.

For the stable distribution (wheezy), this problem has been fixed in
version 1.5.21-6.2+deb7u3.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.23-2.

We recommend that you upgrade your mutt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6i386mutt-patched< 1.5.20-9+squeeze4mutt-patched_1.5.20-9+squeeze4_i386.deb
Debian7mipsmutt-patched< 1.5.21-6.2+deb7u3mutt-patched_1.5.21-6.2+deb7u3_mips.deb
Debian6allmutt< 1.5.20-9+squeeze4mutt_1.5.20-9+squeeze4_all.deb
Debian7powerpcmutt-dbg< 1.5.21-6.2+deb7u3mutt-dbg_1.5.21-6.2+deb7u3_powerpc.deb
Debian7i386mutt-dbg< 1.5.21-6.2+deb7u3mutt-dbg_1.5.21-6.2+deb7u3_i386.deb
Debian7kfreebsd-amd64mutt-patched< 1.5.21-6.2+deb7u3mutt-patched_1.5.21-6.2+deb7u3_kfreebsd-amd64.deb
Debian7i386mutt< 1.5.21-6.2+deb7u3mutt_1.5.21-6.2+deb7u3_i386.deb
Debian7amd64mutt-dbg< 1.5.21-6.2+deb7u3mutt-dbg_1.5.21-6.2+deb7u3_amd64.deb
Debian7kfreebsd-i386mutt-dbg< 1.5.21-6.2+deb7u3mutt-dbg_1.5.21-6.2+deb7u3_kfreebsd-i386.deb
Debian7powerpcmutt-patched< 1.5.21-6.2+deb7u3mutt-patched_1.5.21-6.2+deb7u3_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	i386	mutt-patched	< 1.5.20-9+squeeze4	mutt-patched_1.5.20-9+squeeze4_i386.deb
Debian	7	mips	mutt-patched	< 1.5.21-6.2+deb7u3	mutt-patched_1.5.21-6.2+deb7u3_mips.deb
Debian	6	all	mutt	< 1.5.20-9+squeeze4	mutt_1.5.20-9+squeeze4_all.deb
Debian	7	powerpc	mutt-dbg	< 1.5.21-6.2+deb7u3	mutt-dbg_1.5.21-6.2+deb7u3_powerpc.deb
Debian	7	i386	mutt-dbg	< 1.5.21-6.2+deb7u3	mutt-dbg_1.5.21-6.2+deb7u3_i386.deb
Debian	7	kfreebsd-amd64	mutt-patched	< 1.5.21-6.2+deb7u3	mutt-patched_1.5.21-6.2+deb7u3_kfreebsd-amd64.deb
Debian	7	i386	mutt	< 1.5.21-6.2+deb7u3	mutt_1.5.21-6.2+deb7u3_i386.deb
Debian	7	amd64	mutt-dbg	< 1.5.21-6.2+deb7u3	mutt-dbg_1.5.21-6.2+deb7u3_amd64.deb
Debian	7	kfreebsd-i386	mutt-dbg	< 1.5.21-6.2+deb7u3	mutt-dbg_1.5.21-6.2+deb7u3_kfreebsd-i386.deb
Debian	7	powerpc	mutt-patched	< 1.5.21-6.2+deb7u3	mutt-patched_1.5.21-6.2+deb7u3_powerpc.deb