Bugzilla – Bug 1101581
VUL-0: CVE-2018-14353: mutt,neomutt: imap_quote_string in imap/util.c has an integer underflow.
Last modified: 2019-05-09 10:10:49 UTC
CVE-2018-14353 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14353 https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
This is an autogenerated message for OBS integration: This bug (1101581) was mentioned in https://build.opensuse.org/request/show/623577 Factory / mutt
Created attachment 777771 [details] quote-e0131852.patch for SLES-11 does also cover this bug#1101581 as well as bug#1101573 and bug#1101578
SUSE-SU-2018:2085-1: An update that solves 16 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589 CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): mutt-1.10.1-3.3.4
openSUSE-SU-2018:2212-1: An update that solves 16 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589 CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363 Sources used: openSUSE Leap 15.0 (src): mutt-1.10.1-lp150.2.3.1
SUSE-SU-2018:2403-1: An update that solves 11 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1101567,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101588,1101589,936807 CVE References: CVE-2018-14349,CVE-2018-14350,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14362 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): mutt-1.5.17-42.43.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): mutt-1.5.17-42.43.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): mutt-1.5.17-42.43.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): mutt-1.5.17-42.43.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): mutt-1.5.17-42.43.1
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2018-09-18. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64138
This is an autogenerated message for OBS integration: This bug (1101581) was mentioned in https://build.opensuse.org/request/show/663361 42.3 / mutt
openSUSE-SU-2019:0052-1: An update that solves 16 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1061343,1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,1120935,980830,982129,986534 CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363 Sources used: openSUSE Leap 42.3 (src): mutt-1.10.1-2.5.1
released
SUSE-SU-2019:1196-1: An update that solves 16 vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 1061343,1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,980830,982129,986534 CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): mutt-1.10.1-55.6.1 SUSE Linux Enterprise Desktop 12-SP3 (src): mutt-1.10.1-55.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.