Red Hat Bugzilla – Bug 19326
Updated version of Mutt (1.2) has IMAP security hole fixed
Last modified: 2014-03-16 22:16:52 EDT
From Mutt's news page:
Mutt 1.2.5 was released on July 28, 2000. This is the latest maintenance
update of the stable branch of mutt, and this time, we really suggest that
This release fixes at least one grave IMAP error which may lead to
confusing display and other strangeness, and our instances of the "wuftpd
format bug", which had (mostly) the effect that your IMAP server's operator
could break into your computer with some work.
Looks to me like this should be fixed! Thanks!
Also, as long as you're doing this, you might want to build ssl-IMAP support in,
as you've already got openssl available now when you didn't before. Then again,
We would not add SSL support to a 6.2 errata, as we
didn't ship SSL for 6.2.
You're right; it's technically a "Package Enhancement," but was listed on the
errata page, which confused me:
As updates, a few days ago. Just make openssl a prerequisite for the mutt
update (same story as the RPM 3.0.5 update).
I stand corrected. Gee, I go away for two weeks and all hell
breaks loose. ;)
Would be nice if there was an update on this: the update is almost four months
old, and the bug report is more than a month with no activity --- its status is
While we're at it... please consider adding the Compressed Folders Patch which
is available here:
As you can see from the _long_ history this patch is really mature and in use by
_many_ people. We are not the only people enrolling our own mutt RPMs site-wide
just to have this patch in. :-]
Please advise if I should file that as a seperate RFE.
Currently waiting on 1.2.6i; the lead developer mentioned it was about
time to do it two weeks ago, which was right when we were finishing
up the packages.
This finally did get errata'd.