ELA-949-1 mutt security update

denial of service

2023-09-20
Packagemutt
Version1.5.23-3+deb8u7 (jessie), 1.7.2-1+deb9u7 (stretch)
Related CVEs CVE-2023-4874 CVE-2023-4875


Two NULL pointer dereference flaws were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which may result in denial of service (application crash) when viewing a specially crafted email or when composing from a specially crafted draft message.



For Debian 8 jessie, these problems have been fixed in version 1.5.23-3+deb8u7.

For Debian 9 stretch, these problems have been fixed in version 1.7.2-1+deb9u7.

We recommend that you upgrade your mutt packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.