mutt is vulnerable to man-in-the-middle (MitM). The vulnerability exists as the connection would not properly close, and would keep retrying, when the $ssl_force_tls
was processed if an IMAP server’s initial server response was invalid.
git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-28896
github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
github.com/neomutt/neomutt/releases/tag/20201120
gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f
lists.debian.org/debian-lts-announce/2020/11/msg00048.html
security.gentoo.org/glsa/202101-32