mutt 1.14.3 released
Kevin J. McCarthy
kevin at 8t8.us
Sun Jun 14 22:05:29 UTC 2020
Hello Mutt Users,
I've just released version 1.14.3. Instructions for downloading are
available at <http://www.mutt.org/download.html>, or the tarball can be
directly downloaded from <http://ftp.mutt.org/pub/mutt/>. Please take
the time to verify the signature file against my public key.
This is an important security release fixing two issues.
The first is a possible IMAP man-in-the-middle attack. No credentials
are exposed, but could result in unintended emails being "saved" to an
attacker's server. The $ssl_starttls quadoption is now used to check
for an unencrypted PREAUTH response from the server.
Thanks very much to Damian Poddebniak and Fabian Ising from the Münster
University of Applied Sciences for reporting this issue, and their help
in testing the fix.
The second fix is for a problem with GnuTLS certificate prompting.
"Rejecting" an expired intermediate cert did not terminate the
connection. Thanks to @henk on IRC for reporting the issue.
-Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-announce/attachments/20200614/b31d9198/attachment.asc>
More information about the Mutt-announce
mailing list