1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2009-1390
PublicDate: 2009-06-16
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1390
Description:
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS
(mutt_ssl_gnutls.c), allows connections when only one TLS certificate in
the chain is accepted instead of verifying the entire chain, which allows
remote attackers to spoof trusted servers via a man-in-the-middle attack.
Ubuntu-Description:
Notes:
kees> introduced in 1.5.19, fixed in 1.5.20
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_mutt:
upstream: http://dev.mutt.org/hg/mutt/rev/8f11dd00c770
upstream: http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a
upstream_mutt: needs-triage
dapper_mutt: not-affected
hardy_mutt: not-affected
intrepid_mutt: not-affected
jaunty_mutt: not-affected
devel_mutt: not-affected
|