opensuse-su-2022:10020-1
Vulnerability from csaf_opensuse
Published
2022-06-21 12:01
Modified
2022-06-21 12:01
Summary
Security update for neomutt
Notes
Title of the patch
Security update for neomutt
Description of the patch
This update for neomutt fixes the following issues:
neomutt was updated to 20220429:
* Bug Fixes
* Do not crash on an invalid use_threads/sort combination
* Fix: stuck browser cursor
* Resolve (move) the cursor after <edit-label>
* Index: fix menu size on new mail
* Don't overlimit LMDB mmap size
* OpenBSD y/n translation fix
* Generic: split out OP_EXIT binding
* Fix parsing of sendmail cmd
* Fix: crash with menu_move_off=no
* Newsrc: bugfix; nntp_user and nntp_pass ignored
* Menu: ensure config changes cause a repaint
* Mbox: fix sync duplicates
* Make sure the index redraws all that's needed
* Translations
* 100% Chinese (Simplified)
* 100% Czech
* 100% German
* 100% Hungarian
* 100% Lithuanian
* 100% Serbian
* 100% Turkish
* Docs
* add missing pattern modifier ~I for external_search_command
* Code
* menu: eliminate custom_redraw()
* modernise mixmaster
* Kill global and Propagate display attach status through State-
neomutt was updated to 20220415:
* Security
* Fix uudecode buffer overflow (CVE-2022-1328)
* Features
* Colours, colours, colours
* Bug Fixes
* Pager: fix pager_stop
* Merge colours with normal
* Color: disable mono command
* Fix forwarding text attachments when honor_disposition is set
* Pager: drop the nntp change-group bindings
* Use mailbox_check flags coherently, add IMMEDIATE flag
* Fix: tagging in attachment list
* Fix: misalignment of mini-index
* Make sure to update the menu size after a resort
* Translations
* 100% Hungarian
* Build
* Update acutest
* Code
* Unify pipe functions
* Index: notify if navigation fails
* Gui: set colour to be merged with normal
* Fix: leak in tls_check_one_certificate()
* Upstream
* Flush iconv() in mutt_convert_string()
* Fix integer overflow in mutt_convert_string()
* Fix uudecode cleanup on unexpected eof
update to 20220408:
* Compose multipart emails
* Fix screen mode after attempting decryption
* imap: increase max size of oauth2 token
* Fix autocrypt
* Unify Alias/Query workflow
* Fix colours
* Say which file exists when saving attachments
* Force SMTP authentication if `smtp_user` is set
* Fix selecting the right email after limiting
* Make sure we have enough memory for a new email
* Don't overwrite with zeroes after unlinking the file
* Fix crash when forwarding attachments
* Fix help reformatting on window resize
* Fix poll to use PollFdsCount and not PollFdsLen
* regex: range check arrays strictly
* Fix Coverity defects
* Fix out of bounds write with long log lines
* Apply `fast_reply` to 'to', 'cc', or 'bcc'
* Prevent warning on empty emails
* New default: `set rfc2047_parameters = yes`
* 100% German
* 100% Lithuanian
* 100% Serbian
* 100% Czech
* 100% Turkish
* 72% Hungarian
* Improve header cache explanation
* Improve description of some notmuch variables
* Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()`
* Document config synonyms and deprecations
* Create lots of GitHub Actions
* Drop TravisCI
* Add automated Fuzzing tests
* Add automated ASAN tests
* Create Dockers for building Centos/Fedora
* Build fixes for Solaris 10
* New libraries: browser, enter, envelope
* New configure options: `--fuzzing` `--debug-color` `--debug-queue`
* Split Index/Pager GUIs/functions
* Add lots of function dispatchers
* Eliminate `menu_loop()`
* Refactor function opcodes
* Refactor cursor setting
* Unify Alias/Query functions
* Refactor Compose/Envelope functions
* Modernise the Colour handling
* Refactor the Attachment View
* Eliminate the global `Context`
* Upgrade `mutt_get_field()`
* Refactor the `color quoted` code
* Fix lots of memory leaks
* Refactor Index resolve code
* Refactor PatternList parsing
* Refactor Mailbox freeing
* Improve key mapping
* Factor out charset hooks
* Expose mutt_file_seek API
* Improve API of `strto*` wrappers
* imap QRESYNC fixes
* Allow an empty To: address prompt
* Fix argc==0 handling
* Don't queue IMAP close commands
* Fix IMAP UTF-7 for code points >= U+10000
* Don't include inactive messages in msgset generation
update to 20211029 (boo#1185705, CVE-2021-32055):
* Notmuch: support separate database and mail roots without .notmuch
* fix notmuch crash on open failure
* fix crypto crash handling pgp keys
* fix ncrypt/pgp file_get_size return check
* fix restore case-insensitive header sort
* fix pager redrawing of long lines
* fix notmuch: check database dir for xapian dir
* fix notmuch: update index count after <entire-thread>
* fix protect hash table against empty keys
* fix prevent real_subj being set but empty
* fix leak when saving fcc
* fix leak after <edit-or-view-raw-message>
* fix leak after trash to hidden mailbox
* fix leak restoring postponed emails
* fix new mail notifications
* fix pattern compilation error for ( !>(~P) )
* fix menu display on window resize
* Stop batch mode emails with no argument or recipients
* Add sanitize call in print mailcap function
* fix hdr_order to use the longest match
* fix (un)setenv to not return an error with unset env vars
* fix Imap sync when closing a mailbox
* fix segfault on OpenBSD current
* sidebar: restore sidebar_spoolfile colour
* fix assert when displaying a file from the browser
* fix exec command in compose
* fix check_stats for Notmuch mailboxes
* Fallback: Open Notmuch database without config
* fix gui hook commands on startup
* threads: implement the $use_threads feature
* https://neomutt.org/feature/use-threads
* hooks: allow a -noregex param to folder and mbox hooks
* mailing lists: implement list-(un)subscribe using RFC2369 headers
* mailcap: implement x-neomutt-nowrap flag
* pager: add $local_date_header option
* imap, smtp: add support for authenticating using XOAUTH2
* Allow <sync-mailbox> to fail quietly
* imap: speed up server-side searches
* pager: improve skip-quoted and skip-headers
* notmuch: open database with user's configuration
* notmuch: implement <vfolder-window-reset>
* config: allow += modification of my_ variables
* notmuch: tolerate file renames behind neomutt's back
* pager: implement $pager_read_delay
* notmuch: validate nm_query_window_timebase
* notmuch: make $nm_record work in non-notmuch mailboxes
* compose: add $greeting - a welcome message on top of emails
* notmuch: show additional mail in query windows
* imap: fix crash on external IMAP events
* notmuch: handle missing libnotmuch version bumps
* imap: add sanity check for qresync
* notmuch: allow windows with 0 duration
* index: fix index selection on <collapse-all>
* imap: fix crash when sync'ing labels
* search: fix searching by Message-Id in <mark-message>
* threads: fix double sorting of threads
* stats: don't check mailbox stats unless told
* alias: fix crash on empty query
* pager: honor mid-message config changes
* mailbox: don't propagate read-only state across reopens
* hcache: fix caching new labels in the header cache
* crypto: set invalidity flags for gpgme/smime keys
* notmuch: fix parsing of multiple type=
* notmuch: validate $nm_default_url
* messages: avoid unnecessary opening of messages
* imap: fix seqset iterator when it ends in a comma
* build: refuse to build without pcre2 when pcre2 is linked in ncurses
Patchnames
openSUSE-2022-10020
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for neomutt",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for neomutt fixes the following issues:\n\nneomutt was updated to 20220429:\n\n* Bug Fixes\n* Do not crash on an invalid use_threads/sort combination\n* Fix: stuck browser cursor\n* Resolve (move) the cursor after \u003cedit-label\u003e\n* Index: fix menu size on new mail\n* Don\u0027t overlimit LMDB mmap size\n* OpenBSD y/n translation fix\n* Generic: split out OP_EXIT binding\n* Fix parsing of sendmail cmd\n* Fix: crash with menu_move_off=no\n* Newsrc: bugfix; nntp_user and nntp_pass ignored\n* Menu: ensure config changes cause a repaint\n* Mbox: fix sync duplicates\n* Make sure the index redraws all that\u0027s needed\n* Translations\n* 100% Chinese (Simplified)\n* 100% Czech\n* 100% German\n* 100% Hungarian\n* 100% Lithuanian\n* 100% Serbian\n* 100% Turkish\n* Docs\n* add missing pattern modifier ~I for external_search_command\n* Code\n* menu: eliminate custom_redraw()\n* modernise mixmaster\n* Kill global and Propagate display attach status through State- \n\nneomutt was updated to 20220415:\n\n* Security\n* Fix uudecode buffer overflow (CVE-2022-1328)\n* Features\n* Colours, colours, colours\n* Bug Fixes\n* Pager: fix pager_stop\n* Merge colours with normal\n* Color: disable mono command\n* Fix forwarding text attachments when honor_disposition is set\n* Pager: drop the nntp change-group bindings\n* Use mailbox_check flags coherently, add IMMEDIATE flag\n* Fix: tagging in attachment list\n* Fix: misalignment of mini-index\n* Make sure to update the menu size after a resort\n* Translations\n* 100% Hungarian\n* Build\n* Update acutest\n* Code\n* Unify pipe functions\n* Index: notify if navigation fails\n* Gui: set colour to be merged with normal\n* Fix: leak in tls_check_one_certificate()\n* Upstream\n* Flush iconv() in mutt_convert_string()\n* Fix integer overflow in mutt_convert_string()\n* Fix uudecode cleanup on unexpected eof\n\nupdate to 20220408:\n\n* Compose multipart emails\n* Fix screen mode after attempting decryption\n* imap: increase max size of oauth2 token\n* Fix autocrypt\n* Unify Alias/Query workflow\n* Fix colours\n* Say which file exists when saving attachments\n* Force SMTP authentication if `smtp_user` is set\n* Fix selecting the right email after limiting\n* Make sure we have enough memory for a new email\n* Don\u0027t overwrite with zeroes after unlinking the file\n* Fix crash when forwarding attachments\n* Fix help reformatting on window resize\n* Fix poll to use PollFdsCount and not PollFdsLen\n* regex: range check arrays strictly\n* Fix Coverity defects\n* Fix out of bounds write with long log lines\n* Apply `fast_reply` to \u0027to\u0027, \u0027cc\u0027, or \u0027bcc\u0027\n* Prevent warning on empty emails\n* New default: `set rfc2047_parameters = yes`\n* 100% German\n* 100% Lithuanian\n* 100% Serbian\n* 100% Czech\n* 100% Turkish\n* 72% Hungarian\n* Improve header cache explanation\n* Improve description of some notmuch variables\n* Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()`\n* Document config synonyms and deprecations\n* Create lots of GitHub Actions\n* Drop TravisCI\n* Add automated Fuzzing tests\n* Add automated ASAN tests\n* Create Dockers for building Centos/Fedora\n* Build fixes for Solaris 10\n* New libraries: browser, enter, envelope\n* New configure options: `--fuzzing` `--debug-color` `--debug-queue`\n* Split Index/Pager GUIs/functions\n* Add lots of function dispatchers\n* Eliminate `menu_loop()`\n* Refactor function opcodes\n* Refactor cursor setting\n* Unify Alias/Query functions\n* Refactor Compose/Envelope functions\n* Modernise the Colour handling\n* Refactor the Attachment View\n* Eliminate the global `Context`\n* Upgrade `mutt_get_field()`\n* Refactor the `color quoted` code\n* Fix lots of memory leaks\n* Refactor Index resolve code\n* Refactor PatternList parsing\n* Refactor Mailbox freeing\n* Improve key mapping\n* Factor out charset hooks\n* Expose mutt_file_seek API\n* Improve API of `strto*` wrappers\n* imap QRESYNC fixes\n* Allow an empty To: address prompt\n* Fix argc==0 handling\n* Don\u0027t queue IMAP close commands\n* Fix IMAP UTF-7 for code points \u003e= U+10000\n* Don\u0027t include inactive messages in msgset generation\n\nupdate to 20211029 (boo#1185705, CVE-2021-32055):\n\n* Notmuch: support separate database and mail roots without .notmuch\n* fix notmuch crash on open failure\n* fix crypto crash handling pgp keys\n* fix ncrypt/pgp file_get_size return check\n* fix restore case-insensitive header sort\n* fix pager redrawing of long lines\n* fix notmuch: check database dir for xapian dir\n* fix notmuch: update index count after \u003centire-thread\u003e\n* fix protect hash table against empty keys\n* fix prevent real_subj being set but empty\n* fix leak when saving fcc\n* fix leak after \u003cedit-or-view-raw-message\u003e\n* fix leak after trash to hidden mailbox\n* fix leak restoring postponed emails\n* fix new mail notifications\n* fix pattern compilation error for ( !\u003e(~P) )\n* fix menu display on window resize\n* Stop batch mode emails with no argument or recipients\n* Add sanitize call in print mailcap function\n* fix hdr_order to use the longest match\n* fix (un)setenv to not return an error with unset env vars\n* fix Imap sync when closing a mailbox\n* fix segfault on OpenBSD current\n* sidebar: restore sidebar_spoolfile colour\n* fix assert when displaying a file from the browser\n* fix exec command in compose\n* fix check_stats for Notmuch mailboxes\n* Fallback: Open Notmuch database without config\n* fix gui hook commands on startup\n* threads: implement the $use_threads feature\n* https://neomutt.org/feature/use-threads\n* hooks: allow a -noregex param to folder and mbox hooks\n* mailing lists: implement list-(un)subscribe using RFC2369 headers\n* mailcap: implement x-neomutt-nowrap flag\n* pager: add $local_date_header option\n* imap, smtp: add support for authenticating using XOAUTH2\n* Allow \u003csync-mailbox\u003e to fail quietly\n* imap: speed up server-side searches\n* pager: improve skip-quoted and skip-headers\n* notmuch: open database with user\u0027s configuration\n* notmuch: implement \u003cvfolder-window-reset\u003e\n* config: allow += modification of my_ variables\n* notmuch: tolerate file renames behind neomutt\u0027s back\n* pager: implement $pager_read_delay\n* notmuch: validate nm_query_window_timebase\n* notmuch: make $nm_record work in non-notmuch mailboxes\n* compose: add $greeting - a welcome message on top of emails\n* notmuch: show additional mail in query windows\n* imap: fix crash on external IMAP events\n* notmuch: handle missing libnotmuch version bumps\n* imap: add sanity check for qresync\n* notmuch: allow windows with 0 duration\n* index: fix index selection on \u003ccollapse-all\u003e\n* imap: fix crash when sync\u0027ing labels\n* search: fix searching by Message-Id in \u003cmark-message\u003e\n* threads: fix double sorting of threads\n* stats: don\u0027t check mailbox stats unless told\n* alias: fix crash on empty query\n* pager: honor mid-message config changes\n* mailbox: don\u0027t propagate read-only state across reopens\n* hcache: fix caching new labels in the header cache\n* crypto: set invalidity flags for gpgme/smime keys\n* notmuch: fix parsing of multiple type=\n* notmuch: validate $nm_default_url\n* messages: avoid unnecessary opening of messages\n* imap: fix seqset iterator when it ends in a comma\n* build: refuse to build without pcre2 when pcre2 is linked in ncurses\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10020",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10020-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10020-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YAIJ2AOB7KV4ZEDS2ZHBBCKGSPYKSKDI/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10020-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YAIJ2AOB7KV4ZEDS2ZHBBCKGSPYKSKDI/"
},
{
"category": "self",
"summary": "SUSE Bug 1184787",
"url": "https://bugzilla.suse.com/1184787"
},
{
"category": "self",
"summary": "SUSE Bug 1185705",
"url": "https://bugzilla.suse.com/1185705"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32055 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1328 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1328/"
}
],
"title": "Security update for neomutt",
"tracking": {
"current_release_date": "2022-06-21T12:01:18Z",
"generator": {
"date": "2022-06-21T12:01:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10020-1",
"initial_release_date": "2022-06-21T12:01:18Z",
"revision_history": [
{
"date": "2022-06-21T12:01:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20220429-bp154.2.3.1.aarch64",
"product": {
"name": "neomutt-20220429-bp154.2.3.1.aarch64",
"product_id": "neomutt-20220429-bp154.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-doc-20220429-bp154.2.3.1.noarch",
"product": {
"name": "neomutt-doc-20220429-bp154.2.3.1.noarch",
"product_id": "neomutt-doc-20220429-bp154.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "neomutt-lang-20220429-bp154.2.3.1.noarch",
"product": {
"name": "neomutt-lang-20220429-bp154.2.3.1.noarch",
"product_id": "neomutt-lang-20220429-bp154.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20220429-bp154.2.3.1.ppc64le",
"product": {
"name": "neomutt-20220429-bp154.2.3.1.ppc64le",
"product_id": "neomutt-20220429-bp154.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20220429-bp154.2.3.1.s390x",
"product": {
"name": "neomutt-20220429-bp154.2.3.1.s390x",
"product_id": "neomutt-20220429-bp154.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "neomutt-20220429-bp154.2.3.1.x86_64",
"product": {
"name": "neomutt-20220429-bp154.2.3.1.x86_64",
"product_id": "neomutt-20220429-bp154.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP4",
"product": {
"name": "SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.aarch64"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.ppc64le"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.s390x"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.x86_64"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20220429-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:neomutt-doc-20220429-bp154.2.3.1.noarch"
},
"product_reference": "neomutt-doc-20220429-bp154.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20220429-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:neomutt-lang-20220429-bp154.2.3.1.noarch"
},
"product_reference": "neomutt-lang-20220429-bp154.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.aarch64"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.ppc64le"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.s390x"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-20220429-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.x86_64"
},
"product_reference": "neomutt-20220429-bp154.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-doc-20220429-bp154.2.3.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:neomutt-doc-20220429-bp154.2.3.1.noarch"
},
"product_reference": "neomutt-doc-20220429-bp154.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "neomutt-lang-20220429-bp154.2.3.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:neomutt-lang-20220429-bp154.2.3.1.noarch"
},
"product_reference": "neomutt-lang-20220429-bp154.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32055"
}
],
"notes": [
{
"category": "general",
"text": "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.ppc64le",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.s390x",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"SUSE Package Hub 15 SP4:neomutt-lang-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.ppc64le",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.s390x",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-lang-20220429-bp154.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32055",
"url": "https://www.suse.com/security/cve/CVE-2021-32055"
},
{
"category": "external",
"summary": "SUSE Bug 1185705 for CVE-2021-32055",
"url": "https://bugzilla.suse.com/1185705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.ppc64le",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.s390x",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"SUSE Package Hub 15 SP4:neomutt-lang-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.ppc64le",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.s390x",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-lang-20220429-bp154.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.ppc64le",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.s390x",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"SUSE Package Hub 15 SP4:neomutt-lang-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.ppc64le",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.s390x",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-lang-20220429-bp154.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-21T12:01:18Z",
"details": "moderate"
}
],
"title": "CVE-2021-32055"
},
{
"cve": "CVE-2022-1328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1328"
}
],
"notes": [
{
"category": "general",
"text": "Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.ppc64le",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.s390x",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"SUSE Package Hub 15 SP4:neomutt-lang-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.ppc64le",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.s390x",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-lang-20220429-bp154.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1328",
"url": "https://www.suse.com/security/cve/CVE-2022-1328"
},
{
"category": "external",
"summary": "SUSE Bug 1198518 for CVE-2022-1328",
"url": "https://bugzilla.suse.com/1198518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.ppc64le",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.s390x",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"SUSE Package Hub 15 SP4:neomutt-lang-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.ppc64le",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.s390x",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-lang-20220429-bp154.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.ppc64le",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.s390x",
"SUSE Package Hub 15 SP4:neomutt-20220429-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"SUSE Package Hub 15 SP4:neomutt-lang-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.ppc64le",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.s390x",
"openSUSE Leap 15.4:neomutt-20220429-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:neomutt-doc-20220429-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:neomutt-lang-20220429-bp154.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-21T12:01:18Z",
"details": "moderate"
}
],
"title": "CVE-2022-1328"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…