Bug 1198518 (CVE-2022-1328)

Summary: VUL-0: CVE-2022-1328: mutt: buffer overflow in uudecoder
Product: [Novell Products] SUSE Security Incidents Reporter: Gabriele Sonnu <gabriele.sonnu>
Component: IncidentsAssignee: Dr. Werner Fink <werner>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: meissner, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/329120/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-1328:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Gabriele Sonnu 2022-04-15 09:28:05 UTC
Affected packages:

 - SUSE:SLE-11:Update/mutt   1.5.17
 - SUSE:SLE-12:Update/mutt   1.10.1
 - SUSE:SLE-15:Update/mutt   1.10.1
 - openSUSE:Factory/mutt      2.1.5      

Upstream fix:

https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
Comment 3 OBSbugzilla Bot 2022-04-19 12:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1198518) was mentioned in
https://build.opensuse.org/request/show/970760 Factory / mutt
Comment 4 Swamp Workflow Management 2022-04-25 19:43:28 UTC
SUSE-SU-2022:1376-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1198518
CVE References: CVE-2022-1328
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    mutt-1.10.1-150000.3.23.1
openSUSE Leap 15.3 (src):    mutt-1.10.1-150000.3.23.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    mutt-1.10.1-150000.3.23.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    mutt-1.10.1-150000.3.23.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    mutt-1.10.1-150000.3.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2022-04-29 19:18:35 UTC
SUSE-SU-2022:1478-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1198518
CVE References: CVE-2022-1328
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    mutt-1.10.1-55.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.