Candidate: CVE-2009-3766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3766
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is
used, does not verify the domain name in the subject's Common Name (CN)
field of an X.509 certificate, which allows man-in-the-middle attackers to
spoof SSL servers via an arbitrary valid certificate.
jdstrand> per Debian, our mutt is linked against gnutls, bug #553433
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553433
upstream_mutt: needs-triage
intrepid_mutt: ignored (reached end-of-life)