====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN645
_____________________________________________________________________

DATE                : 27/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Mutt versions prior to 2.0.2.

=====================================================================
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20201116/000031.html
_____________________________________________________________________

Hello Mutt Users,

I've just released version 2.0.2.  Instructions for downloading are
available at <http://www.mutt.org/download.html>, or the tarball can be
directly downloaded from <http://ftp.mutt.org/pub/mutt/>. Please take
the time to verify the signature file against my public key.

This is an important bug fix release, addressing CVE-2020-28896.  Mutt
had incorrect error handling when initially connecting to an IMAP
server, which could result in an attempt to authenticate without
enabling TLS.

Thanks to Gabriel Salles-Loustau for discovering the problem, and
including detailed information and a reproducing example in his report!

Also thanks to Richard Russon for coordinating the release with Mutt.

-Kevin

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================