From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60587)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fmbp1-0002U0-IN
	for guix-patches@gnu.org; Mon, 06 Aug 2018 05:29:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fmbp0-0003WP-Fa
	for guix-patches@gnu.org; Mon, 06 Aug 2018 05:29:03 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:37255)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1fmbp0-0003WJ-BL
	for guix-patches@gnu.org; Mon, 06 Aug 2018 05:29:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fmbp0-0006HB-2h
	for guix-patches@gnu.org; Mon, 06 Aug 2018 05:29:02 -0400
Subject: [bug#32373] neomutt 20180716 security update (fixes CVE-2018-14349 -
	CVE-2018-14363)
Resent-Message-ID: <handler.32373.B.153354771824090@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60482)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <ng0@n0.is>)
	id 1fmboS-0002Qn-P9
	for guix-patches@gnu.org; Mon, 06 Aug 2018 05:28:29 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ng0@n0.is>) id 1fmboR-0002zn-Np
	for guix-patches@gnu.org; Mon, 06 Aug 2018 05:28:28 -0400
Received: from conspiracy.of.n0.is ([2a01:4f8:1c0c:7ad0::1]:37478)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <ng0@n0.is>) id 1fmboR-0002y1-By
	for guix-patches@gnu.org; Mon, 06 Aug 2018 05:28:27 -0400
Received: by conspiracy.of.n0.is (OpenSMTPD) with ESMTPSA id 4b1a644e
	(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO)
	for <guix-patches@gnu.org>; Mon, 6 Aug 2018 09:28:25 +0000 (UTC)
Date: Mon, 6 Aug 2018 09:29:10 +0000
From: Nils Gillmann <ng0@n0.is>
Message-ID: <20180806092910.4xv3lgbaszjrtibi@abyayala>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="fzqcljim7qy36wcn"
Content-Disposition: inline
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 32373@debbugs.gnu.org


--fzqcljim7qy36wcn
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

sorry for being late on this important update, life kept me busy.

=46rom the release notes:

> Notes
> This is a small, but intensive, bug-fix release.
> It fixes some important security holes, so upgrading is strongly recommen=
ded.
> Some large architectural changes are coming, so the next release may be s=
ome months away.
>
> Security
> CVE-2018-14349 - NO Response Heap Overflow
> CVE-2018-14350 - INTERNALDATE Stack Overflow
> CVE-2018-14351 - STATUS Literal Length relative write
> CVE-2018-14352 - imap_quote_string off-by-one stack overflow
> CVE-2018-14353 - imap_quote_string int underflow
> CVE-2018-14354 - imap_subscribe Remote Code Execution
> CVE-2018-14355 - STATUS mailbox header cache directory traversal
> CVE-2018-14356 - POP empty UID NULL deref
> CVE-2018-14357 - LSUB Remote Code Execution
> CVE-2018-14358 - RFC822.SIZE Stack Overflow
> CVE-2018-14359 - base64 decode Stack Overflow
> CVE-2018-14360 - NNTP Group Stack Overflow
> CVE-2018-14361 - NNTP Write 1 where via GROUP response
> CVE-2018-14362 - POP Message Cache Directory Traversal
> CVE-2018-14363 - NNTP Header Cache Directory Traversal
--fzqcljim7qy36wcn
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="0001-gnu-neomutt-Update-to-20180716-fixes-CVE-2018-14349-.patch"
Content-Transfer-Encoding: quoted-printable

=46rom f710fd747ec39391c67a2b3d38294cdd81146186 Mon Sep 17 00:00:00 2001
=46rom: Nils Gillmann <ng0@n0.is>
Date: Mon, 6 Aug 2018 09:15:35 +0000
Subject: [PATCH] gnu: neomutt: Update to 20180716 [fixes
 CVE-2018-{14349,14350,14351,14352,14353,14354,14355,14356,14357,14358,1435=
9,14360,14361,14362,14363}].

* gnu/packages/mail.scm (neomutt): Update to 20180716.

Signed-off-by: Nils Gillmann <ng0@n0.is>
---
 gnu/packages/mail.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 67f490d41..2a6a17c80 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -300,7 +300,7 @@ operating systems.")
 (define-public neomutt
   (package
     (name "neomutt")
-    (version "20180323")
+    (version "20180716")
     (source
      (origin
        (method url-fetch)
@@ -308,7 +308,7 @@ operating systems.")
                            "/archive/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "12v7zkm809cvjxfz0n7jb4qa410ns1ydyf0gjin99vbdrlj88jac"))))
+         "0072in2d6znwqq461shsaxlf40r4zr7w3j9848qvm4xlh1lq52dx"))))
     (build-system gnu-build-system)
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
--=20
2.18.0


--fzqcljim7qy36wcn--