Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 838499 - <mail-client/neomutt-20220415: uuencodebuffer overread in uuencode decoding
Summary: <mail-client/neomutt-20220415: uuencodebuffer overread in uuencode decoding
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/neomutt/neomutt/re...
Whiteboard: B4 [glsa? cleanup]
Keywords:
Depends on: CVE-2022-1328 889954
Blocks:
  Show dependency tree
 
Reported: 2022-04-15 14:01 UTC by John Helmert III
Modified: 2023-11-03 15:08 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-15 14:01:30 UTC 
CVE-2022-1328 (https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5):
https://gitlab.com/muttmua/mutt/-/issues/404
http://www.openwall.com/lists/oss-security/2022/04/14/3

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

Fix in neomutt 20220415, please bump.
Comment 1 Larry the Git Cow gentoo-dev 2022-04-15 18:29:21 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4209a54758bda0edb782332210dd6d0fc55160e

commit c4209a54758bda0edb782332210dd6d0fc55160e
Author:     Nicolas Bock <nicolasbock@gentoo.org>
AuthorDate: 2022-04-15 18:26:59 +0000
Commit:     Nicolas Bock <nicolasbock@gentoo.org>
CommitDate: 2022-04-15 18:29:05 +0000

    mail-client/neomutt: Version bump to 2022-04-15
    
    Closes: https://bugs.gentoo.org/838499
    Signed-off-by: Nicolas Bock <nicolasbock@gentoo.org>

 mail-client/neomutt/Manifest                |   1 +
 mail-client/neomutt/neomutt-20220415.ebuild | 171 ++++++++++++++++++++++++++++
 2 files changed, 172 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-16 05:09:29 UTC 
Please remember that the security team closes security bugs.

Please stabilize 20220415 when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-06 21:53:15 UTC 
Please cleanup.