Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. References: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
Created mutt tracking bugs for this issue: Affects: fedora-all [bug 1957452]
Statement: This flaw doesn't affect the Mutt versions shipped with Red Hat Enterprise Linux 6, 7 and 8 as it depends on QRESYNC feature included on newer versions of Mutt than the ones distributed by Red Hat.
My understanding is that this can be closed. Is this right?
In reply to comment #4: > My understanding is that this can be closed. Is this right? This issue affects RhEL-9, so the bug will be closed after RHSA is released for it.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-32055