Security Information / 2020 / Security Information -- DSA-4708-1 neomutt

Debian Security Advisory

DSA-4708-1 neomutt -- security update

Date Reported:

21 Jun 2020

Affected Packages:

neomutt

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2020-14093, CVE-2020-14954.

More information:

Damian Poddebniak and Fabian Ising discovered two security issues in the STARTTLS handling of the Neomutt mail client, which could enable MITM attacks.

For the stable distribution (buster), these problems have been fixed in version 20180716+dfsg.1-1+deb10u1.

We recommend that you upgrade your neomutt packages.

For the detailed security status of neomutt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/neomutt