MGASA-2020-0448

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0448.html

Import Source

https://advisories.mageia.org/MGASA-2020-0448.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0448

Related

CVE-2020-28896

Published

2020-12-05T19:46:49Z

Modified

2020-12-05T19:02:47Z

Summary

Updated mutt packages fix a security vulnerability

Details

Mutt before 2.0.2 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle (CVE-2020-28896).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / mutt

Package

Name: mutt
Purl: pkg:rpm/mageia/mutt?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.4-1.4.mga7

Ecosystem specific

{
    "section": "core"
}