Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Upstream Commit: https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
Created mutt tracking bugs for this issue: Affects: fedora-all [bug 1848362]
External References: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
This has been fixed in following versions. Can we close this bug?