A flaw was found in mutt before 1.10.1. There is a path traversal flaw for UID values in POP bcache directory. References: http://www.mutt.org/news.html https://gitlab.com/muttmua/mutt/blob/master/ChangeLog
Created attachment 1459536 [details] upstream patch
Created mutt tracking bugs for this issue: Affects: fedora-all [bug 1602082]
Upstream Patch: https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2018:2526 https://access.redhat.com/errata/RHSA-2018:2526