Headline
CVE-2020-14093: The Mutt E-Mail Client
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
Latest News****Git
Recent Commits: Summary | RSS Feed
Stable
Mutt 2.2.3 was released on April 12, 2022. This is a bug-fix release, addressing a buffer overread in the uuencoded decoder (CVE-2022-1328), along with some other issues.
Mutt 2.2.2 was released on March 25, 2022. This is a bug-fix release, fixing an issue with history categories, query-menu behavior, and a couple other small issues.
Mutt 2.2.1 was released on February 19, 2022. This is a bug-fix release, fixing an issue with header/body cache naming.
Mutt 2.2.0 was released on February 12, 2022. This release has new features and bug fixes. See the UPDATING file, or for more details see the release notes page.
Mutt 2.1.5 was released on December 30, 2021. This is a bug-fix release, fixing two SMTP authentication issues, a crash bug on NetBSD, and a couple other issues.
Mutt 2.1.4 was released on December 11, 2021. This is a bug-fix release, fixing a performance issue when used with DavMail.
Mutt 2.1.3 was released on September 10, 2021. This is a bug-fix release, fixing some of the fixes in the last release. IMAP and QRESYNC users are advised to upgrade.
Mutt 2.1.2 was released on August 24, 2021. This is an important bug-fix release, fixing a potential data-loss IMAP bug, a couple QRESYNC bugs, and a few other issues. IMAP users are strongly advised to upgrade.
Mutt 2.1.1 was released on July 12, 2021. This is a bug-fix release, fixing some redraw issues and a problem with the new List Menu for mbox mailboxes.
Mutt 2.1.0 was released on June 12, 2021. This release has new features and bug fixes. See the UPDATING file, or for more details see the release notes page.
Mutt 2.0.7 was released on May 4, 2021. This is a bug-fix release, fixing a $imap_qresync VANISHED handling bug, a crash when using an encrypted -H template file, and a couple other small issues.
Mutt 2.0.6 was released on March 6, 2021. This is a bug-fix release, with some cleanup and small fixes.
Mutt 2.0.5 was released on January 21, 2021. This is a bug-fix release, fixing a few memory leaks, including CVE-2021-3181.
Mutt 2.0.4 was released on December 30, 2020. This is a bug-fix release, fixing a mbox large-file support bug, and a sprinkle of other issues.
Mutt 2.0.3 was released on December 4, 2020. This is a bug-fix release, fixing a possible crash bug along with several other issues.
Mutt 2.0.2 was released on November 20, 2020. This is an important bug-fix release, addressing CVE-2020-28896.
Mutt 2.0.1 was released on November 14, 2020. This is a bug-fix release, fixing a compilation issue on some platforms.
Mutt 2.0.0 was released on November 7, 2020. This release has new features, bug fixes, and a few backward incompatible changes. Please read the release notes, and see the UPDATING file for all the changes.
Mutt 1.14.7 was released on August 29, 2020. This is a bug-fix release, fixing a variety of small issues.
Mutt 1.14.6 was released on July 11, 2020. This is a bug-fix release, fixing an error resetting access-time for relative path mailboxes.
Mutt 1.14.5 was released on June 23, 2020. This fixes a regression when using $tunnel to connect to a preauthenticated IMAP connection.
Mutt 1.14.4 was released on June 18, 2020. This is an important bug-fix release. It fixes a possible machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP (CVE-2020-14954).
Mutt 1.14.3 was released on June 14, 2020. This is an important bug-fix release. It fixes a possible IMAP fcc/postpone machine-in-the-middle attack (CVE-2020-14093). It also fixes some GnuTLS certificate prompt issues.
Mutt 1.14.2 was released on May 25, 2020. This is a bug-fix release, fixing a few prompt buffer-size issues and adding a potential DoS mitigation.
Mutt 1.14.1 was released on May 16, 2020. This is a bug-fix release, fixing a documentation build issue and a few other small bugs.
Mutt 1.14.0 was released on May 2, 2020. This release has new features and bug fixes. See the UPDATING file, or for more details see the release notes page.
Mutt 1.13.5 was released on March 28, 2020. This is a bug-fix release, fixing a use-after-free bug, and a couple format string processing bugs.
Mutt 1.13.4 was released on February 15, 2020. This is a bug-fix release, fixing a possible memory corruption bug when sync’ing imap mailboxes, improving large-threaded mailbox opening speed, and reverting $ssl_force_tls to default unset.
Mutt 1.13.3 was released on January 12, 2020. This is a bug-fix release, fixing exit screen handling and a possible segfault on imap-logout-all.
Mutt 1.13.2 was released on December 18, 2019. This is a bug-fix release, reverting an incorrect cleanup change to mutt_dotlock made in 1.13.0.
Mutt 1.13.1 was released on December 14, 2019. This is a bug-fix release, fixing two crash bugs involving IMAP and the postpone menu. It also reverts by default the 1.13.0 sidebar display changes. See the UPDATING file for more details.
Mutt 1.13.0 was released on November 30, 2019. This release has new features and bug fixes. See the UPDATING file, or for more details see the release notes page.
Mutt 1.12.2 was released on September 21, 2019. This is a bug-fix release, fixing file monitor compilation on older systems, and application/pgp-encrypted attachment handling for sent emails.
Mutt 1.12.1 was released on June 15, 2019. This is a bug-fix release, fixing issues with $forward_attachments, IMAP new mail detection, IMAP fcc’ing, and a build issue on OpenBSD. Additionally $fcc_before_send was added. See the UPDATING file for more details.
Mutt 1.12.0 was released on May 25, 2019. This release has new features and bug fixes. See the UPDATING file, or for more details see the release notes page.
Mutt 1.11.4 was released on March 13, 2019. This is a bug-fix release, fixing a Gmail $trash bug that could end up deleting incorrect messages.
Mutt 1.11.3 was released on February 1, 2019. This is a bug-fix release, fixing compilation with LibreSSL and various other bug fixes.
Mutt 1.11.2 was released on January 7, 2019. This is a bug-fix release, fixing compilation with the latest OpenSSL version and various other bug fixes.
Mutt 1.11.1 was released on December 1, 2018 (the “A Chorus Line” release). This is a bug-fix release, fixing a crash in the new $imap_qresync code.
Mutt 1.11.0 was released on November 25, 2018. This release has new features and bug fixes. See the UPDATING file, or for more details see the release notes page.
Mutt 1.10.1 was released on July 16, 2018. This is an important bug-fix release, fixing a code injection and a couple path traversal vulnerabilities.
Mutt 1.10.0 was released on May 19, 2018. This release has new features and bug fixes. See the UPDATING file, or for more details see the release notes page.
more news