[Git][security-tracker-team/security-tracker][master] Add CVE-2020-14154/mutt

Mon Jun 15 21:24:24 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6553d662 by Salvatore Bonaccorso at 2020-06-15T22:24:09+02:00
Add CVE-2020-14154/mutt

This corresponds to the second issue from
<http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html>.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,11 @@ CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid befor
 CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...)
 	TODO: check
 CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in response to  ...)
-	TODO: check
+	- mutt <unfixed>
+	NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
+	NOTE: https://github.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95
+	NOTE: https://github.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
+	NOTE: https://github.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
 CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds arr ...)
 	TODO: check
 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6553d662db16b819b2ef82fb5dd2f9e8f4517c73

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6553d662db16b819b2ef82fb5dd2f9e8f4517c73
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200615/ef529a59/attachment-0001.html>
