This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[SECURITY] mutt

From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
To: cygwin-apps at cygwin dot com
Date: Wed, 31 Dec 2014 21:52:18 -0600
Subject: [SECURITY] mutt
Authentication-results: sourceware.org; auth=none

Marco,

Please add the following patches to mutt:

* For CVE-2014-9116 (seehttps://bugzilla.redhat.com/show_bug.cgi?id=1168463 for details):


http://pkgs.fedoraproject.org/cgit/mutt.git/plain/mutt-1.5.23-sendlib.patch

* All programs should use the system ca-certificates instead of bundlingtheir own (which are usually old, or become so quickly):


http://pkgs.fedoraproject.org/cgit/mutt.git/plain/mutt-1.5.21-cabundle.patch

While you are at it:

* Any reason not to configure with --enable-smtp?

* I just added gpgme to the distro. This can be used in mutt byinstalling libgpgme-devel and adding --enable-gpgme to the configure flags.

* Kerberos and SASL support can also be enabled by installinglibkrb5-devel and libsasl2-devel, and adding --enable-gss --enable-saslto the configure flags.


--
Yaakov

Follow-Ups:
- Re: [SECURITY] mutt
  - From: Marco Atzeri

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]