-
mutt (1.5.20-7ubuntu1.3) lucid-security; urgency=medium
* SECURITY UPDATE: heap-based overflow in mutt_substrdup() when
handling headers beginning with newline.
- debian/patches/ubuntu/mutt-CVE-2014-9116.patch
- CVE-2014-9116
-- Steve Beattie <email address hidden> Wed, 10 Dec 2014 12:46:54 -0800
-
mutt (1.5.20-7ubuntu1.2) lucid-security; urgency=low
* SECURITY UPDATE: buffer overflow in header processing after
address expansion.
- debian/patches/ubuntu/mutt-CVE-2014-0467.patch
- CVE-2014-0467
-- Steve Beattie <email address hidden> Wed, 12 Mar 2014 10:59:56 -0700
-
mutt (1.5.20-7ubuntu1.1) lucid-security; urgency=low
* SECURITY UPDATE: Failure to verify that a server's hostname matches the
Common Name listed in a certificate when setting up a TLS connection.
- debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate.
- CVE-2011-1429
-- Tyler Hicks <email address hidden> Thu, 22 Sep 2011 00:59:35 -0500
-
mutt (1.5.20-7ubuntu1) lucid; urgency=low
* Merge with Debian testing (lp: #526096). Remaining changes:
+ debian/control, debian/patches/debian-specific/build_doc_adjustments.diff:
Use w3m (main) instead of elinks (universe) for generating documentation.
mutt (1.5.20-7) unstable; urgency=low
* debian/NEWS: backported a note about the new behavior with attachments
on the command line (Closes: 539276)
* debian/patches:
+ upstream/548494-swedish-intl.patch: fixes to Swedish translation
(Closes: 548494)
+ upstream/553238-german-intl.patch: small fix to the German translation
(Closes: 553238)
+ upstream/553321-ansi-escape-segfault.patch: prevent mutt from segfaulting
with large ASCII escape sequences (Closes: 553321)
+ upstream/557395-muttrc-crypto.patch: small fix to the muttrc man
(Closes: 557395)
+ upstream/545316-header-color.patch: do not store the color in header cache
(Closes: 545316)
+ upstream/568295-references.patch: preserve the References header if the
In-Reply-To is not initially present (Closes: 568295)
+ upstream/547980-smime_keys-chaining.patch: support certificate chaining in
smime_keys (Closes: 547980, 549006)
+ upstream/528233-readonly-open.patch: open attachments in read-only
(Closes: 528233)
+ upstream/228671-pipe-mime.patch: don't mess up the terminal while piping
attachments (Closes: 228671)
+ upstream/383769-score-match.patch: match full name with ~f, same as
mutt-ng (Closes: 383769)
+ upstream/547739-manual-typos.patch: typos in manual.txt (Closes: 547739)
+ upstream/311296-rand-mktemp.patch: more random file creation in /tmp, see
CVE CAN-2005-2351 (Closes: 311296)
+ debian-specific/Muttrc: set time_inc to be 250ms (Closes: 537746)
* debian/control:
+ bumping Standards-Version to 3.8.4, nothing to be done
+ adding ${misc:Depends} to make lintian happy
* debian/rules: adding a commented rule to enable tokyocabinet if we want
mutt (1.5.20-6) unstable; urgency=low
* debian/patches:
+ debian-specific/467432-write_bcc.patch: do not write Bcc headers
even if write_bcc is set (Closes: 467432, 546884, 467432)
-- Michael Bienia <email address hidden> Mon, 22 Feb 2010 23:56:44 +0100
-
mutt (1.5.20-5ubuntu1) lucid; urgency=low
* debian/control, debian/patches/debian-specific/build_doc_adjustments.diff:
use w3m instead of elinks for generating documentation.
-- Mathias Gug <email address hidden> Wed, 20 Jan 2010 18:17:56 -0500
-
mutt (1.5.20-5) unstable; urgency=low
* debian/patches:
+ upstream/533370-pgp-inline.patch: fixing the patch from 1.5.20-3, now
pgp.c is correctly included (Closes: 533370, 558813)
+ upstream/537694-segv-imap-headers.patch: fixing a segfault when the IMAP
server sends additional headers and mutt segfaults (Closes: 537694)
+ upstream/393926-internal-viewer.patch: revert the patch and add the
auto_view of text/x-diff (Closes: 546760, 549158)
+ upstream/548577-gpgme-1.2.patch: do not fail to open pgp signed message
with libgpgme >= 1.2 (Closes: 548577)
-- Steve Langasek <email address hidden> Wed, 23 Dec 2009 07:22:38 +0000
-
mutt (1.5.20-4ubuntu1) karmic; urgency=low
* Revert upstream/393926-internal-viewer.patch, which introduces
regressions in the support for all text/* types that have interactive
external handlers in mailcap (e.g., text/html). The regression is being
tracked as Debian bug #546760.
-- Steve Langasek <email address hidden> Fri, 02 Oct 2009 23:27:47 -0700
