CVE-2009-1390
Published: 16 June 2009
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
Notes
Author | Note |
---|---|
kees | introduced in 1.5.19, fixed in 1.5.20 |
Priority
Status
Package | Release | Status |
---|---|---|
mutt | dapper | Not vulnerable |
mutt | hardy | Not vulnerable |
mutt | intrepid | Not vulnerable |
mutt | jaunty | Not vulnerable |
mutt | upstream | Needs triage |

Patches:
upstream: http://dev.mutt.org/hg/mutt/rev/8f11dd00c770
upstream: http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a