Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
Created mutt tracking bugs for this issue:
Affects: fedora-all [bug 1957452]
This flaw doesn't affect the Mutt versions shipped with Red Hat Enterprise Linux 6, 7 and 8 as it depends on QRESYNC feature included on newer versions of Mutt than the ones distributed by Red Hat.
My understanding is that this can be closed. Is this right?
In reply to comment #4:
> My understanding is that this can be closed. Is this right?
This issue affects RhEL-9, so the bug will be closed after RHSA is released for it.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):