{"affected":[{"ecosystem_specific":{"binaries":[{"mutt":"1.10.1-3.8.1","mutt-doc":"1.10.1-3.8.1","mutt-lang":"1.10.1-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"mutt","purl":"pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.1-3.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mutt":"1.10.1-3.8.1","mutt-doc":"1.10.1-3.8.1","mutt-lang":"1.10.1-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP2","name":"mutt","purl":"pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.1-3.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mutt":"1.10.1-3.8.1","mutt-doc":"1.10.1-3.8.1","mutt-lang":"1.10.1-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"mutt","purl":"pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.1-3.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mutt":"1.10.1-3.8.1","mutt-doc":"1.10.1-3.8.1","mutt-lang":"1.10.1-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"mutt","purl":"pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.1-3.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mutt":"1.10.1-3.8.1","mutt-doc":"1.10.1-3.8.1","mutt-lang":"1.10.1-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"mutt","purl":"pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.1-3.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mutt":"1.10.1-3.8.1","mutt-doc":"1.10.1-3.8.1","mutt-lang":"1.10.1-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"mutt","purl":"pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.1-3.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mutt fixes the following issues:\n\n- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was \n  affecting IMAP, SMTP, and POP3 (bsc#1173197).\n- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935).\n- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was \n  proceeding with a connection (bsc#1172906, bsc#1172935). \n","id":"SUSE-SU-2020:1771-1","modified":"2020-06-26T06:04:41Z","published":"2020-06-26T06:04:41Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20201771-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172935"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173197"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14093"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14954"}],"related":["CVE-2020-14093","CVE-2020-14154","CVE-2020-14954"],"summary":"Security update for mutt","upstream":["CVE-2020-14093","CVE-2020-14154","CVE-2020-14954"]}