PublicDateAtUSN: 2020-06-15 17:15:00 UTC
Candidate: CVE-2020-14154
PublicDate: 2020-06-15 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14154
 http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
 http://www.mutt.org
 https://ubuntu.com/security/notices/USN-4401-1
Description:
 Mutt before 1.14.3 proceeds with a connection even if, in response to a
 GnuTLS certificate prompt, the user rejects an expired intermediate
 certificate.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N [4.8 MEDIUM]


Patches_mutt:
 upstream: https://github.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95
 upstream: https://github.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
 upstream: https://github.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
upstream_mutt: needs-triage
precise/esm_mutt: released (1.5.21-5ubuntu2.4)
trusty_mutt: ignored (out of standard support)
trusty/esm_mutt: DNE
xenial_mutt: released (1.5.24-1ubuntu0.3)
esm-infra/xenial_mutt: released (1.5.24-1ubuntu0.3)
bionic_mutt: released (1.9.4-3ubuntu0.2)
eoan_mutt: released (1.10.1-2.1ubuntu0.1)
focal_mutt: released (1.13.2-1ubuntu0.1)
devel_mutt: released (1.14.3-1)