This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] mutt
- From: Marco Atzeri <marco dot atzeri at gmail dot com>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 02 Jan 2015 16:46:53 +0100
- Subject: Re: [SECURITY] mutt
- Authentication-results: sourceware.org; auth=none
- References: <54A4C472 dot 6080501 at cygwin dot com>
On 1/1/2015 4:52 AM, Yaakov Selkowitz wrote:
Marco,
Please add the following patches to mutt:
* For CVE-2014-9116 (see
https://bugzilla.redhat.com/show_bug.cgi?id=1168463 for details):
http://pkgs.fedoraproject.org/cgit/mutt.git/plain/mutt-1.5.23-sendlib.patch
* All programs should use the system ca-certificates instead of bundling
their own (which are usually old, or become so quickly):
http://pkgs.fedoraproject.org/cgit/mutt.git/plain/mutt-1.5.21-cabundle.patch
While you are at it:
* Any reason not to configure with --enable-smtp?
none that I am aware. It was set in that way before I took over
* I just added gpgme to the distro. This can be used in mutt by
installing libgpgme-devel and adding --enable-gpgme to the configure flags.
* Kerberos and SASL support can also be enabled by installing
libkrb5-devel and libsasl2-devel, and adding --enable-gss --enable-sasl
to the configure flags.
added both and and enabled smtp
Yaakov
Regards
Marco