Vulnerable to the same issues as mail-client/mutt (see tracker). From ajak (thanks!): <ajak> lead neomutt dev: [22:52] < flatcap> ajak: yes, neomutt is still very similar to mutt and is affected
[00:01:34] <ajak> oh, flatcap also said neomutt release due friday
From the 20200619 changelog: Prevent possible IMAP MITM via PREAUTH response Looks like we're good on the second Mutt issue on Neomutt with this release. Maintainer(s), please bump.
Acked on IRC
Release 20200626 is probably a better candidate for stabilization when it gets an ebuild due to runtime breakage: https://github.com/neomutt/neomutt/issues/2382
I pushed 2020-06-26 to tree.
GLSA vote: yes
amd64 stable
x86 stable. Please cleanup.
This issue was resolved and addressed in GLSA 202007-57 at https://security.gentoo.org/glsa/202007-57 by GLSA coordinator Sam James (sam_c).
Reopening for cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68fc4385c792dd15b53c29355943fd94e1ef801f commit 68fc4385c792dd15b53c29355943fd94e1ef801f Author: Sam James <sam@gentoo.org> AuthorDate: 2020-07-29 00:19:28 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-29 00:19:39 +0000 mail-client/neomutt: security cleanup Bug: https://bugs.gentoo.org/728302 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org> mail-client/neomutt/Manifest | 3 - mail-client/neomutt/metadata.xml | 4 - mail-client/neomutt/neomutt-20180716.ebuild | 130 ---------------------------- mail-client/neomutt/neomutt-20200501.ebuild | 128 --------------------------- mail-client/neomutt/neomutt-20200619.ebuild | 128 --------------------------- 5 files changed, 393 deletions(-)