"In addition to the usual share of bug fixes and enhancements, this release fixes a security vulnerability whereas an early error in communicating with an IMAP server was not properly detected as fatal, resulting in a potential for sensitive information (user, pass) being sent over an untrusted channel."
Please bump to 2020-11-20, thanks!
Bumped in ff96f46db13467f8519afe3cd84c07f1e1a9940f, thanks. Is it ready to stable?
Hi Sam, It's running fine for me. Best, Nick
20201127 is released, it fixes a regression in 20201120. Probably a better candidate for stabilization.
I have added neomutt-20201127 to tree. We can close this bug.
(In reply to Nicolas Bock from comment #5) > I have added neomutt-20201127 to tree. We can close this bug. We can once the fixed version is stabled, we'll do that now?
(In reply to Nicolas Bock from comment #3) > Hi Sam, > > It's running fine for me. > > Best, > > Nick (Also, sorry, I missed this!)
(In reply to Sam James from comment #7) > (In reply to Nicolas Bock from comment #3) > > Hi Sam, > > > > It's running fine for me. > > > > Best, > > > > Nick > > (Also, sorry, I missed this!) No worries :)
amd64 done
x86 stable
Please cleanup
Hi John, when you say cleanup, what do you mean? Thanks! Nick
(In reply to Nicolas Bock from comment #12) > Hi John, > > when you say cleanup, what do you mean? > > Thanks! > > Nick Hello! When a package is stabilized to fix a security vulnerability, we generally ask the maintainer to drop ("cleanup") the vulnerable package versions so that users cannot accidentally install a vulnerable version of the package. In this case please cleanup <neomutt-20201127.
Hi John, Thanks for the clarification. Will do! Best, Nick
(In reply to Nicolas Bock from comment #14) > Hi John, > > Thanks for the clarification. Will do! > > Best, > > Nick Itβs one of those things where we get caught up in the jargon!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a02f96d25538695778dd30af5664166caec386b commit 3a02f96d25538695778dd30af5664166caec386b Author: Nicolas Bock <nicolasbock@gentoo.org> AuthorDate: 2020-12-03 15:25:19 +0000 Commit: Nicolas Bock <nicolasbock@gentoo.org> CommitDate: 2020-12-03 15:26:13 +0000 mail-client/neomutt: Clean up of older ebuilds Bug: https://bugs.gentoo.org/755833 Signed-off-by: Nicolas Bock <nicolasbock@gentoo.org> mail-client/neomutt/Manifest | 4 - mail-client/neomutt/neomutt-20200626-r1.ebuild | 149 ------------------------- mail-client/neomutt/neomutt-20200626.ebuild | 128 --------------------- mail-client/neomutt/neomutt-20200821.ebuild | 149 ------------------------- mail-client/neomutt/neomutt-20200925.ebuild | 149 ------------------------- mail-client/neomutt/neomutt-20201120.ebuild | 149 ------------------------- 6 files changed, 728 deletions(-)
Thank you! Now security needs to vote.
This issue was resolved and addressed in GLSA 202101-32 at https://security.gentoo.org/glsa/202101-32 by GLSA coordinator Sam James (sam_c).