Bug 838499

Summary:	<mail-client/neomutt-20220415: uuencodebuffer overread in uuencode decoding
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	minor	CC:	mschiff, nicolasbock
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/neomutt/neomutt/releases/tag/20220415
Whiteboard:	B4 [glsa? cleanup]
Package list:		Runtime testing required:	---
Bug Depends on:	838379, 889954
Bug Blocks:

Description John Helmert III archtester

2022-04-15 14:01:30 UTC

CVE-2022-1328 (https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5):
https://gitlab.com/muttmua/mutt/-/issues/404
http://www.openwall.com/lists/oss-security/2022/04/14/3

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

Fix in neomutt 20220415, please bump.

Comment 1 Larry the Git Cow gentoo-dev

2022-04-15 18:29:21 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4209a54758bda0edb782332210dd6d0fc55160e

commit c4209a54758bda0edb782332210dd6d0fc55160e
Author:     Nicolas Bock <nicolasbock@gentoo.org>
AuthorDate: 2022-04-15 18:26:59 +0000
Commit:     Nicolas Bock <nicolasbock@gentoo.org>
CommitDate: 2022-04-15 18:29:05 +0000

    mail-client/neomutt: Version bump to 2022-04-15
    
    Closes: https://bugs.gentoo.org/838499
    Signed-off-by: Nicolas Bock <nicolasbock@gentoo.org>

 mail-client/neomutt/Manifest                |   1 +
 mail-client/neomutt/neomutt-20220415.ebuild | 171 ++++++++++++++++++++++++++++
 2 files changed, 172 insertions(+)

Comment 2 John Helmert III archtester

2022-04-16 05:09:29 UTC

Please remember that the security team closes security bugs.

Please stabilize 20220415 when ready.

Comment 3 John Helmert III archtester

2023-01-06 21:53:15 UTC

Please cleanup.