Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
[20.03] mutt: apply patch for CVE-2020-28896 #104583
Motivation for this change
mutt has improper handling of broken IMAP connections, this could result
Tested using a basic
2 packages built:
mutt has improper handling of broken IMAP connections, this could result in authentication credentials being sent over an unencrypted connection, without $ssl_force_tls being consulted. https://security.archlinux.org/CVE-2020-28896 https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
I agree that it would probably be best to port from 20.09 to 20.03, and not from 20.03 to 20.09. Sorry about that.