apticron report [Fri, 17 Aug 2018 22:38:06 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
mutt 1.7.2-1+deb9u1
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour mutt ---
mutt (1.7.2-1+deb9u1) stretch-security; urgency=high

  * Initial changelog entries for security update (Closes: 904051)
  * Patches provided by Roberto C. Sánchez <roberto(a)debian.org>
    + Fix arbitrary command execution by remote IMAP servers via backquote
      characters, related to the mailboxes command associated with a manual
      subscription or unsubscription (CVE-2018-14354)
    + Fix arbitrary command execution by remote IMAP servers via backquote
      characters, related to the mailboxes command associated with an automatic
      subscription (CVE-2018-14357)
    + Fix a stack-based buffer overflow caused by imap_quote_string() not
      leaving room for quote characters (CVE-2018-14352)
    + Fix an integer underflow in imap_quote_string() (CVE-2018-14353)
    + Fix mishandling of zero-length UID in pop.c (CVE-2018-14356)
    + Fix unsafe interaction between message-cache pathnames and certain
      characters in pop.c (CVE-2018-14362)
    + Fix mishandling of ".." directory traversal in IMAP mailbox name
      (CVE-2018-14355)
    + Fix a stack-based buffer overflow for an IMAP FETCH response with a long
      INTERNALDATE field (CVE-2018-14350)
    + Fix a stack-based buffer overflow for an IMAP FETCH response with a long
      RFC822.SIZE field (CVE-2018-14358)
    + Fix mishandling of an IMAP NO response without a message (CVE-2018-14349)
    + Fix mishandling of long IMAP status mailbox literal count size
      (CVE-2018-14351)
    + Fix a buffer overflow via base64 data (CVE-2018-14359)
    + Fix a stack-based buffer overflow because of incorrect sscanf usage
      (CVE-2018-14360)
    + Fix a defect where processing continues if memory allocation fails for
      NNTP messages (CVE-2018-14361)
  * Fix unsafe interaction between message-cache pathnames and certain
    characters in newsrc.c (CVE-2018-14363)

 -- Antonio Radici <antonio(a)debian.org> Tue, 07 Aug 2018 09:48:44 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
quigon.federez.net
--
apticron