Issued:

2014-07-28

Updated:

2014-10-13

RHBA-2014:0945 - mutt bug fix update

Synopsis

mutt bug fix update

Type/Severity

Bug Fix Advisory

Topic

Updated mutt packages that fix several bugs are now available for Red Hat Enterprise Linux 6.

Description

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.

This update fixes the following bugs:

• Prior to this update, an internal hash referencing a specific subject in each envelope referenced a non-existent one. As a consequence, mutt terminated with a segmentation fault when the user attempted to synchronize mailbox after removing one or more messages in threaded mode. With this update, the subject hash updates correctly and the crash no longer occurs. (BZ#674271)

• Previously, the array that stores mutt message headers did not properly handle empty header entries. This could cause mutt to terminate unexpectedly with a segmentation fault when a change of message IDs occurred on the IMAP server, for example when the IMAP server was connected with multiple clients while removing messages through one of them. In this update, the handling of empty headers has been optimized and sorting messages in the array has been streamlined. As a result, multiple connected clients now synchronize correctly. (BZ#690409)

• Prior to this update, mutt did not correctly parse certificate files when accessing accounts through IMAP and POP3 protocols. Consequently, mutt terminated unexpectedly with a segmentation fault when attempting to access an IMAP or POP3 account. This update fixes the parsing process and accessing an IMAP or POP3 account now functions as intended. (BZ#750929)

• Previously, a bug prevented mutt's interactive certificate verification from working properly. As a consequence, mutt terminated unexpectedly with a segmentation fault when the user tried to send an e-mail message from the command line to a TLS server, for which mutt had not received the certificate yet. With this update, mutt's interactive certificate verification has been fixed and the described crash no longer occurs. (BZ#1083524)

Users of mutt are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Affected Products

Updated Packages

• mutt-1.5.20-7.20091214hg736b6a.el6.x86_64.rpm
• mutt-debuginfo-1.5.20-7.20091214hg736b6a.el6.ppc64.rpm
• mutt-debuginfo-1.5.20-7.20091214hg736b6a.el6.s390x.rpm
• mutt-1.5.20-7.20091214hg736b6a.el6.ppc64.rpm
• mutt-1.5.20-7.20091214hg736b6a.el6.i686.rpm
• mutt-debuginfo-1.5.20-7.20091214hg736b6a.el6.i686.rpm
• mutt-1.5.20-7.20091214hg736b6a.el6.s390x.rpm
• mutt-debuginfo-1.5.20-7.20091214hg736b6a.el6.x86_64.rpm
• mutt-1.5.20-7.20091214hg736b6a.el6.src.rpm

Fixes

• This content is not included.BZ - 674271
• This content is not included.BZ - 690409
• This content is not included.BZ - 750929

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.