CVE-2020-14954

Priority
Description
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering
issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS"
response, the client reads additional data (e.g., from a man-in-the-middle
attacker) and evaluates it in a TLS context, aka "response injection."
Notes
Package
Source: mutt (LP Ubuntu Debian)
Upstream: released (1.14.4-1)
Ubuntu 12.04 ESM (Precise Pangolin): released (1.5.21-5ubuntu2.5)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.5.24-1ubuntu0.4)
Ubuntu 18.04 LTS (Bionic Beaver): released (1.9.4-3ubuntu0.3)
Ubuntu 19.10 (Eoan Ermine): released (1.10.1-2.1ubuntu0.2)
Ubuntu 20.04 LTS (Focal Fossa): released (1.13.2-1ubuntu0.2)
Ubuntu 20.10 (Groovy Gorilla): not-affected (1.14.4-2)
Package
Upstream: released (20200619+dfsg.1-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 19.10 (Eoan Ermine): needs-triage
Ubuntu 20.04 LTS (Focal Fossa): needs-triage
Ubuntu 20.10 (Groovy Gorilla): not-affected (20200619+dfsg.1-1)
More Information

Updated: 2020-07-01 14:22:15 UTC (commit f2a40e02a46fe0d2c9d7b8b97047199f18432424)