=====================================================================
                            CERT-Renater

                 Note d'Information No. 2021/VULN162
_____________________________________________________________________

DATE                 : 15/04/2022

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running mutt versions prior to 2.2.3.

=====================================================================
http://lists.mutt.org/pipermail/mutt-users/Week-of-Mon-20220411/003401.html
_____________________________________________________________________

Hello Mutt Users,

I've just released version 2.2.3. Instructions for downloading are
available at , or the tarball can be directly downloaded from .

Please take the time to verify the signature file against my public
key[1].

This is a bug-fix release, addressing CVE-2022-1328: a buffer overread
in the uuencoded decoder routine. For more details please see GitLab
ticket 404: . The commit fixing this issue is at

Also fixed were a possible integer overflow issue in the general iconv
and rfc2047-conversion iconv functions. These are not believed to be
exploitable.

A huge thank you to Tavis Ormandy for reporting these issues,
suggesting a patch for the iconv issue, helping test, and providing
constructive feedback. Hurray for the white-hats!

-Kevin

[1] My public key is available at:
- my personal website: https://www.8t8.us/configs/80316BDA.asc.pubkey
- the mutt website: http://www.mutt.org/keys/kevin.key
- The keys.openpgp.org network https://keys.openpgp.org/vks/v1/by-fingerprint/8975A9B33AA37910385C5308ADEF768480316BDA

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================