[bug#32373] neomutt 20180716 security update (fixes CVE-2018-14349 - CVE-2018-14363)

[bug#32373] neomutt 20180716 security update (fixes CVE-2018-14349 - CVE-2018-14363)

[Nils Gillmann]

[-- Attachment #1: Type: text/plain, Size: 1151 bytes --]

Hi,

sorry for being late on this important update, life kept me busy.

From the release notes:

> Notes
> This is a small, but intensive, bug-fix release.
> It fixes some important security holes, so upgrading is strongly recommended.
> Some large architectural changes are coming, so the next release may be some months away.
>
> Security
> CVE-2018-14349 - NO Response Heap Overflow
> CVE-2018-14350 - INTERNALDATE Stack Overflow
> CVE-2018-14351 - STATUS Literal Length relative write
> CVE-2018-14352 - imap_quote_string off-by-one stack overflow
> CVE-2018-14353 - imap_quote_string int underflow
> CVE-2018-14354 - imap_subscribe Remote Code Execution
> CVE-2018-14355 - STATUS mailbox header cache directory traversal
> CVE-2018-14356 - POP empty UID NULL deref
> CVE-2018-14357 - LSUB Remote Code Execution
> CVE-2018-14358 - RFC822.SIZE Stack Overflow
> CVE-2018-14359 - base64 decode Stack Overflow
> CVE-2018-14360 - NNTP Group Stack Overflow
> CVE-2018-14361 - NNTP Write 1 where via GROUP response
> CVE-2018-14362 - POP Message Cache Directory Traversal
> CVE-2018-14363 - NNTP Header Cache Directory Traversal

[-- Attachment #2: 0001-gnu-neomutt-Update-to-20180716-fixes-CVE-2018-14349-.patch --]
[-- Type: text/plain, Size: 1255 bytes --]

From f710fd747ec39391c67a2b3d38294cdd81146186 Mon Sep 17 00:00:00 2001
From: Nils Gillmann <ng0@n0.is>
Date: Mon, 6 Aug 2018 09:15:35 +0000
Subject: [PATCH] gnu: neomutt: Update to 20180716 [fixes
 CVE-2018-{14349,14350,14351,14352,14353,14354,14355,14356,14357,14358,14359,14360,14361,14362,14363}].

* gnu/packages/mail.scm (neomutt): Update to 20180716.

Signed-off-by: Nils Gillmann <ng0@n0.is>
---
 gnu/packages/mail.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 67f490d41..2a6a17c80 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -300,7 +300,7 @@ operating systems.")
 (define-public neomutt
   (package
     (name "neomutt")
-    (version "20180323")
+    (version "20180716")
     (source
      (origin
        (method url-fetch)
@@ -308,7 +308,7 @@ operating systems.")
                            "/archive/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "12v7zkm809cvjxfz0n7jb4qa410ns1ydyf0gjin99vbdrlj88jac"))))
+         "0072in2d6znwqq461shsaxlf40r4zr7w3j9848qvm4xlh1lq52dx"))))
     (build-system gnu-build-system)
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
-- 
2.18.0

bug#32373: neomutt 20180716 security update (fixes CVE-2018-14349 - CVE-2018-14363)

[Efraim Flashner]

[-- Attachment #1: Type: text/plain, Size: 266 bytes --]

Applied as 46add5615a49c0fbd125296be8a114b04a03412c

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]