Bugzilla – Bug 1101428
VUL-0: mutt,neomutt: code injection and a couple path traversal vulnerabilities
Last modified: 2019-05-09 10:09:22 UTC
The NEWS file [1] does not mention any specifics, only this text:
"Mutt 1.10.1 was released on July 16, 2018. This is an important bug-fix release, fixing a code injection and a couple path traversal vulnerabilities."
[1]: http://www.mutt.org/news.html
Created attachment 777122: 1.10.1.diff
I'm pretty sure that NeoMutt, due to the similar code base, has the same problems as well ... adding David to the carbon copy list. Besides this: the change in gpg.rc from contrib is not automatically back-portable to the user's ~/.gpg.rc!
(In reply to Dr. Werner Fink from comment #2)
> I'm pretty sure that NeoMutt due similar code base has the same problems as
> well ... adding David to carbon copy list
Repeat this part for David as well
Thanks. The fix from mutt is present in neomutt, the fixed package is on the way to factory, referencing this bug.
This is an autogenerated message for OBS integration: This bug (1101428) was mentioned in
https://build.opensuse.org/request/show/623357 Factory / neomutt
https://build.opensuse.org/request/show/623363 Factory / mutt
Going to close this bug, since I've opened a dedicated bug for all of the vulnerabilities. This makes it easier for our tools to track those issues and make sure that all affected codestreams will eventually be fixed.
CVE-2018-14363 bnc#1101566
CVE-2018-14362 bnc#1101567
CVE-2018-14361 bnc#1101568
CVE-2018-14360 bnc#1101569
CVE-2018-14359 bnc#1101570
CVE-2018-14358 bnc#1101571
CVE-2018-14357 bnc#1101573
CVE-2018-14356 bnc#1101576
CVE-2018-14355 bnc#1101577
CVE-2018-14354 bnc#1101578
CVE-2018-14353 bnc#1101581
CVE-2018-14352 bnc#1101582
CVE-2018-14351 bnc#1101583
CVE-2018-14350 bnc#1101588
CVE-2018-14349 bnc#1101589
See previous comment.
This is an autogenerated message for OBS integration: This bug (1101428) was mentioned in https://build.opensuse.org/request/show/623577 Factory / mutt
openSUSE-SU-2018:2212-1: An update that solves 16 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589
CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363
Sources used:
openSUSE Leap 15.0 (src): mutt-1.10.1-lp150.2.3.1
This is an autogenerated message for OBS integration: This bug (1101428) was mentioned in https://build.opensuse.org/request/show/663361 42.3 / mutt
openSUSE-SU-2019:0052-1: An update that solves 16 vulnerabilities and has 6 fixes is now available.
Category: security (important)
Bug References: 1061343,1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,1120935,980830,982129,986534
CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363
Sources used:
openSUSE Leap 42.3 (src): mutt-1.10.1-2.5.1
SUSE-SU-2019:1196-1: An update that solves 16 vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1061343,1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,980830,982129,986534
CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src): mutt-1.10.1-55.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src): mutt-1.10.1-55.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.