Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. http://seclists.org/fulldisclosure/2011/Mar/87
Ok, this issue is reduced to gnutls only. I'm fine with masking the gnutls USE-flag until a patch from upstream is submitted. I think this corresponds to upstream bug http://dev.mutt.org/trac/ticket/3506
CVE-2011-1429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1429): Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
Patch available at [1], not sure if it's in any current mutt versions. [1] http://dev.mutt.org/trac/changeset/d7f4b2e2b09a
nope it's not in, we'll have to pick that one
this should be in 1.5.21-r13
Covered by GLSA 201406-05