openSUSE-SU-2022:10020-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10020-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:10020-1
Related
Published
2022-06-21T12:01:18Z
Modified
2022-06-21T12:01:18Z
Summary
Security update for neomutt
Details

This update for neomutt fixes the following issues:

neomutt was updated to 20220429:

  • Bug Fixes
  • Do not crash on an invalid use_threads/sort combination
  • Fix: stuck browser cursor
  • Resolve (move) the cursor after <edit-label>
  • Index: fix menu size on new mail
  • Don't overlimit LMDB mmap size
  • OpenBSD y/n translation fix
  • Generic: split out OP_EXIT binding
  • Fix parsing of sendmail cmd
  • Fix: crash with menumoveoff=no
  • Newsrc: bugfix; nntpuser and nntppass ignored
  • Menu: ensure config changes cause a repaint
  • Mbox: fix sync duplicates
  • Make sure the index redraws all that's needed
  • Translations
  • 100% Chinese (Simplified)
  • 100% Czech
  • 100% German
  • 100% Hungarian
  • 100% Lithuanian
  • 100% Serbian
  • 100% Turkish
  • Docs
  • add missing pattern modifier ~I for externalsearchcommand
  • Code
  • menu: eliminate custom_redraw()
  • modernise mixmaster
  • Kill global and Propagate display attach status through State-

neomutt was updated to 20220415:

  • Security
  • Fix uudecode buffer overflow (CVE-2022-1328)
  • Features
  • Colours, colours, colours
  • Bug Fixes
  • Pager: fix pager_stop
  • Merge colours with normal
  • Color: disable mono command
  • Fix forwarding text attachments when honor_disposition is set
  • Pager: drop the nntp change-group bindings
  • Use mailbox_check flags coherently, add IMMEDIATE flag
  • Fix: tagging in attachment list
  • Fix: misalignment of mini-index
  • Make sure to update the menu size after a resort
  • Translations
  • 100% Hungarian
  • Build
  • Update acutest
  • Code
  • Unify pipe functions
  • Index: notify if navigation fails
  • Gui: set colour to be merged with normal
  • Fix: leak in tlscheckone_certificate()
  • Upstream
  • Flush iconv() in muttconvertstring()
  • Fix integer overflow in muttconvertstring()
  • Fix uudecode cleanup on unexpected eof

update to 20220408:

  • Compose multipart emails
  • Fix screen mode after attempting decryption
  • imap: increase max size of oauth2 token
  • Fix autocrypt
  • Unify Alias/Query workflow
  • Fix colours
  • Say which file exists when saving attachments
  • Force SMTP authentication if smtp_user is set
  • Fix selecting the right email after limiting
  • Make sure we have enough memory for a new email
  • Don't overwrite with zeroes after unlinking the file
  • Fix crash when forwarding attachments
  • Fix help reformatting on window resize
  • Fix poll to use PollFdsCount and not PollFdsLen
  • regex: range check arrays strictly
  • Fix Coverity defects
  • Fix out of bounds write with long log lines
  • Apply fast_reply to 'to', 'cc', or 'bcc'
  • Prevent warning on empty emails
  • New default: set rfc2047_parameters = yes
  • 100% German
  • 100% Lithuanian
  • 100% Serbian
  • 100% Czech
  • 100% Turkish
  • 72% Hungarian
  • Improve header cache explanation
  • Improve description of some notmuch variables
  • Explain how timezones and !s work inside %{}, %[] and %()
  • Document config synonyms and deprecations
  • Create lots of GitHub Actions
  • Drop TravisCI
  • Add automated Fuzzing tests
  • Add automated ASAN tests
  • Create Dockers for building Centos/Fedora
  • Build fixes for Solaris 10
  • New libraries: browser, enter, envelope
  • New configure options: --fuzzing --debug-color --debug-queue
  • Split Index/Pager GUIs/functions
  • Add lots of function dispatchers
  • Eliminate menu_loop()
  • Refactor function opcodes
  • Refactor cursor setting
  • Unify Alias/Query functions
  • Refactor Compose/Envelope functions
  • Modernise the Colour handling
  • Refactor the Attachment View
  • Eliminate the global Context
  • Upgrade mutt_get_field()
  • Refactor the color quoted code
  • Fix lots of memory leaks
  • Refactor Index resolve code
  • Refactor PatternList parsing
  • Refactor Mailbox freeing
  • Improve key mapping
  • Factor out charset hooks
  • Expose muttfileseek API
  • Improve API of strto* wrappers
  • imap QRESYNC fixes
  • Allow an empty To: address prompt
  • Fix argc==0 handling
  • Don't queue IMAP close commands
  • Fix IMAP UTF-7 for code points >= U+10000
  • Don't include inactive messages in msgset generation

update to 20211029 (boo#1185705, CVE-2021-32055):

  • Notmuch: support separate database and mail roots without .notmuch
  • fix notmuch crash on open failure
  • fix crypto crash handling pgp keys
  • fix ncrypt/pgp filegetsize return check
  • fix restore case-insensitive header sort
  • fix pager redrawing of long lines
  • fix notmuch: check database dir for xapian dir
  • fix notmuch: update index count after <entire-thread>
  • fix protect hash table against empty keys
  • fix prevent real_subj being set but empty
  • fix leak when saving fcc
  • fix leak after <edit-or-view-raw-message>
  • fix leak after trash to hidden mailbox
  • fix leak restoring postponed emails
  • fix new mail notifications
  • fix pattern compilation error for ( !>(~P) )
  • fix menu display on window resize
  • Stop batch mode emails with no argument or recipients
  • Add sanitize call in print mailcap function
  • fix hdr_order to use the longest match
  • fix (un)setenv to not return an error with unset env vars
  • fix Imap sync when closing a mailbox
  • fix segfault on OpenBSD current
  • sidebar: restore sidebar_spoolfile colour
  • fix assert when displaying a file from the browser
  • fix exec command in compose
  • fix check_stats for Notmuch mailboxes
  • Fallback: Open Notmuch database without config
  • fix gui hook commands on startup
  • threads: implement the $use_threads feature
  • https://neomutt.org/feature/use-threads
  • hooks: allow a -noregex param to folder and mbox hooks
  • mailing lists: implement list-(un)subscribe using RFC2369 headers
  • mailcap: implement x-neomutt-nowrap flag
  • pager: add $localdateheader option
  • imap, smtp: add support for authenticating using XOAUTH2
  • Allow <sync-mailbox> to fail quietly
  • imap: speed up server-side searches
  • pager: improve skip-quoted and skip-headers
  • notmuch: open database with user's configuration
  • notmuch: implement <vfolder-window-reset>
  • config: allow += modification of my_ variables
  • notmuch: tolerate file renames behind neomutt's back
  • pager: implement $pagerreaddelay
  • notmuch: validate nmquerywindow_timebase
  • notmuch: make $nm_record work in non-notmuch mailboxes
  • compose: add $greeting - a welcome message on top of emails
  • notmuch: show additional mail in query windows
  • imap: fix crash on external IMAP events
  • notmuch: handle missing libnotmuch version bumps
  • imap: add sanity check for qresync
  • notmuch: allow windows with 0 duration
  • index: fix index selection on <collapse-all>
  • imap: fix crash when sync'ing labels
  • search: fix searching by Message-Id in <mark-message>
  • threads: fix double sorting of threads
  • stats: don't check mailbox stats unless told
  • alias: fix crash on empty query
  • pager: honor mid-message config changes
  • mailbox: don't propagate read-only state across reopens
  • hcache: fix caching new labels in the header cache
  • crypto: set invalidity flags for gpgme/smime keys
  • notmuch: fix parsing of multiple type=
  • notmuch: validate $nmdefaulturl
  • messages: avoid unnecessary opening of messages
  • imap: fix seqset iterator when it ends in a comma
  • build: refuse to build without pcre2 when pcre2 is linked in ncurses
References

Affected packages

SUSE:Package Hub 15 SP4 / neomutt

Package

Name
neomutt
Purl
pkg:rpm/suse/neomutt&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20220429-bp154.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "neomutt-doc": "20220429-bp154.2.3.1",
            "neomutt": "20220429-bp154.2.3.1",
            "neomutt-lang": "20220429-bp154.2.3.1"
        }
    ]
}

openSUSE:Leap 15.4 / neomutt

Package

Name
neomutt
Purl
pkg:rpm/opensuse/neomutt&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20220429-bp154.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "neomutt-doc": "20220429-bp154.2.3.1",
            "neomutt": "20220429-bp154.2.3.1",
            "neomutt-lang": "20220429-bp154.2.3.1"
        }
    ]
}