rpm/mutt
1
0
Fork 1
forked from pool/mutt
Code Pull Requests Activity

Accepting request 1114300 from server:mail

Browse Source 
- Submit latest mutt 2.2.12 to SLE-15-SP6 for jira#PED-5580
  * Drop patches for boo#1172906, boo#1172935, CVE-2020-14093,
    and CVE-2020-14154 now upstream
    - 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01.patch
      + Prevent possible IMAP MITM via PREAUTH response.
    - mutt-1.10.1-backport-mutt_ssl_gnutls-1.14.3.dif
      to port mutt_ssl_gnutls.c from mutt 1.14.3 back
      + expired certs not properly rejected with GnuTLS
      + Side effect is support of TLSv1_3 is supported by gnutls
  * Drop patch for bsc#1173197 c547433cdf2e79191b15c6932c57f1472bfb5ff4.dif
    now upstream
    - Fix CVE-2020-14954: STARTTLS buffering issue allowing man
      in the middle attack of IMAP, SMTP and POP3
  * Drop patch for bsc#1179035, CVE-2020-28896.patch now upstream
    - incomplete connection termination could lead to sending
      credentials over unencrypted connections 
  * Drop patch for bsc#1179113 and boo#1179461 nofreeze-c72f740a.patch
    now upstream
    - Avoid that message with a million tiny parts can freeze MUA
      for several minutes
  * Drop patch for bsc#1181221, CVE-2021-3181 mutt-colon.patch now
    upstream
    - recipient parsing memory leak. This patch combines three
      smaller commits 
  * Drop patch for bsc#1198518, CVE-2022-1328 uudecode-e5ed080c.patch
    - fix a buffer overflow in uudecoder
  * Drop patches now upstream
    - CVE-2023-4874-part1.patch (bsc#1215189 for CVE-2023-4874)
    - CVE-2023-4874-part2.patch (bsc#1215189 for CVE-2023-4874)
    - CVE-2023-4875.patch (bsc#1215191 for CVE-2023-4875)

OBS-URL: https://build.opensuse.org/request/show/1114300
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mutt?expand=0&rev=115
This commit is contained in:
Ana Guerrero 2023-10-01 19:22:18 +00:00 committed by Git OBS Bridge
commit ece2fd2d31
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
mutt.changes
View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Wed Sep 27 13:42:36 UTC 2023 - Dr. Werner Fink <werner@suse.de>
- Submit latest mutt 2.2.12 to SLE-15-SP6 for jira#PED-5580
* Drop patches for boo#1172906, boo#1172935, CVE-2020-14093,
and CVE-2020-14154 now upstream
- 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01.patch
+ Prevent possible IMAP MITM via PREAUTH response.
- mutt-1.10.1-backport-mutt_ssl_gnutls-1.14.3.dif
to port mutt_ssl_gnutls.c from mutt 1.14.3 back
+ expired certs not properly rejected with GnuTLS
+ Side effect is support of TLSv1_3 is supported by gnutls
* Drop patch for bsc#1173197 c547433cdf2e79191b15c6932c57f1472bfb5ff4.dif
now upstream
- Fix CVE-2020-14954: STARTTLS buffering issue allowing man
in the middle attack of IMAP, SMTP and POP3
* Drop patch for bsc#1179035, CVE-2020-28896.patch now upstream
- incomplete connection termination could lead to sending
credentials over unencrypted connections
* Drop patch for bsc#1179113 and boo#1179461 nofreeze-c72f740a.patch
now upstream
- Avoid that message with a million tiny parts can freeze MUA
for several minutes
* Drop patch for bsc#1181221, CVE-2021-3181 mutt-colon.patch now
upstream
- recipient parsing memory leak. This patch combines three
smaller commits
* Drop patch for bsc#1198518, CVE-2022-1328 uudecode-e5ed080c.patch
- fix a buffer overflow in uudecoder
* Drop patches now upstream
- CVE-2023-4874-part1.patch (bsc#1215189 for CVE-2023-4874)
- CVE-2023-4874-part2.patch (bsc#1215189 for CVE-2023-4874)
- CVE-2023-4875.patch (bsc#1215191 for CVE-2023-4875)
-------------------------------------------------------------------
Tue Sep 12 07:15:52 UTC 2023 - Dr. Werner Fink <werner@suse.de>