ALT-PU-2024-17352-1

Package update neomutt in branch sisyphus_e2k

Version20241212-alt1

Task#0

Published2024-12-19

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM6.5

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.

Published: 2024-11-12Modified: 2025-07-16

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

References

MEDIUM5.3

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

Published: 2024-11-12Modified: 2024-11-14

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References