This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
[SECURITY] mutt
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Date: Wed, 31 Dec 2014 21:52:18 -0600
- Subject: [SECURITY] mutt
- Authentication-results: sourceware.org; auth=none
Marco,
Please add the following patches to mutt:
* For CVE-2014-9116 (see
https://bugzilla.redhat.com/show_bug.cgi?id=1168463 for details):
http://pkgs.fedoraproject.org/cgit/mutt.git/plain/mutt-1.5.23-sendlib.patch
* All programs should use the system ca-certificates instead of bundling
their own (which are usually old, or become so quickly):
http://pkgs.fedoraproject.org/cgit/mutt.git/plain/mutt-1.5.21-cabundle.patch
While you are at it:
* Any reason not to configure with --enable-smtp?
* I just added gpgme to the distro. This can be used in mutt by
installing libgpgme-devel and adding --enable-gpgme to the configure flags.
* Kerberos and SASL support can also be enabled by installing
libkrb5-devel and libsasl2-devel, and adding --enable-gss --enable-sasl
to the configure flags.
--
Yaakov