Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 838499 - <mail-client/neomutt-20220415: uuencodebuffer overread in uuencode decoding
Summary: <mail-client/neomutt-20220415: uuencodebuffer overread in uuencode decoding
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/neomutt/neomutt/re...
Whiteboard: B4 [glsa? cleanup]
Keywords:
Depends on: CVE-2022-1328 889954
Blocks:
  Show dependency tree
 
Reported: 2022-04-15 14:01 UTC by John Helmert III
Modified: 2023-01-06 21:53 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-15 14:01:30 UTC
CVE-2022-1328 (https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5):
https://gitlab.com/muttmua/mutt/-/issues/404
http://www.openwall.com/lists/oss-security/2022/04/14/3

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

Fix in neomutt 20220415, please bump.
Comment 1 Larry the Git Cow gentoo-dev 2022-04-15 18:29:21 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4209a54758bda0edb782332210dd6d0fc55160e

commit c4209a54758bda0edb782332210dd6d0fc55160e
Author:     Nicolas Bock <nicolasbock@gentoo.org>
AuthorDate: 2022-04-15 18:26:59 +0000
Commit:     Nicolas Bock <nicolasbock@gentoo.org>
CommitDate: 2022-04-15 18:29:05 +0000

    mail-client/neomutt: Version bump to 2022-04-15
    
    Closes: https://bugs.gentoo.org/838499
    Signed-off-by: Nicolas Bock <nicolasbock@gentoo.org>

 mail-client/neomutt/Manifest                |   1 +
 mail-client/neomutt/neomutt-20220415.ebuild | 171 ++++++++++++++++++++++++++++
 2 files changed, 172 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-16 05:09:29 UTC
Please remember that the security team closes security bugs.

Please stabilize 20220415 when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-06 21:53:15 UTC
Please cleanup.