Red Hat Bugzilla – Bug 504979
CVE-2009-1390 Mutt 1.5.19 SSL chain verification flaw
Last modified: 2009-06-16 02:54:20 EDT
Mutt version 1.5.19 introduced a support for intermediate CA certs,
available when mutt is linked against both OpenSSL and GnuTLS, added
via upstream commits:
Miroslav Lichvar noticed that a certificate chain validation was not
implemented properly. Individual certificates in the chain where
checked and accepted, but the chain as a whole as not validated
Issue was addressed via following upstream patches:
This issue only affects mutt 1.5.19, version of mutt shipped in Red Hat Enterprise Linux 3, 4, and 5, and Fedora 9 and 10 are not affected by this problem.
mutt-1.5.19-5.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.