Mutt is vulnerable to directory traversal vulnerability. The vulnerability exists in an unknown part of the file pop.c because the pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a ‘/’ character.
www.mutt.org/news.html
access.redhat.com/errata/RHSA-2018:2526
access.redhat.com/security/updates/classification/#important
github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
lists.debian.org/debian-lts-announce/2018/08/msg00001.html
neomutt.org/2018/07/16/release
security.gentoo.org/glsa/201810-07
usn.ubuntu.com/3719-3/
www.debian.org/security/2018/dsa-4277