-
mutt (1.10.1-2.1+deb10u6) buster; urgency=medium
* Non-maintainer upload.
* Fix uudecode buffer overflow (CVE-2022-1328) (Closes: #1009734)
-- Salvatore Bonaccorso <email address hidden> Sat, 23 Apr 2022 15:00:14 +0200
-
mutt (1.10.1-2.1+deb10u5) buster-security; urgency=high
* debian/patches:
+ fix for CVE-2021-3181 in security/CVE-2021-3181.patch (Closes: 980326).
-- Antonio Radici <email address hidden> Mon, 25 Jan 2021 19:10:07 +0100
-
mutt (1.10.1-2.1+deb10u4) buster; urgency=medium
* debian/patches:
+ fix for CVE-2020-28896 located in security/CVE-2020-28896.patch.
-- Antonio Radici <email address hidden> Mon, 23 Nov 2020 09:26:09 +0100
-
mutt (1.10.1-2.1+deb10u3) buster; urgency=medium
* debian/patches:
+ added imap-preauth-and-ssh-tunnel.patch from upstream, which does not
check IMAP preauth in SSH tunnels (Closes: 963970)
-- Antonio Radici <email address hidden> Thu, 02 Jul 2020 16:45:23 +0200
-
mutt (1.10.1-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Apply patch from upstream to prevent undefined behaviour when
parsing invalid Content-Disposition mail headers. The atoi() function was
being called on a number which can potentially overflow and thus can have
security implications depending on the atoi() implementation.
(Closes: #929017)
-- Chris Lamb <email address hidden> Sat, 25 May 2019 09:57:12 +0100
-
mutt (1.10.1-2) unstable; urgency=low
[ Jonathan Nieder ]
* debian/patches:
+ added upstream patches for OAUTHBEARER support by Brandon Long
(Closes: #905551).
+ upstream/905551-oauthbearer-imap.patch
+ upstream/905551-oauthbearer-smtp.patch
+ upstream/905551-oauthbearer-refresh.patch
[ Antonio Radici ]
* New release to include the patch above.
-- Antonio Radici <email address hidden> Tue, 07 Aug 2018 09:31:52 +0100
-
mutt (1.10.1-1) unstable; urgency=medium
* New upstream release.
* This release includes important patches to security bugs; especially
important for IMAP and POP users.
-- Antonio Radici <email address hidden> Wed, 18 Jul 2018 22:05:56 +0100
-
mutt (1.10.0-1) unstable; urgency=medium
* New upstream release.
* debian/patches:
+ all patches refreshed.
+ removed patches already upstream:
+ upstream/383769-score-match.patch
+ upstream/fast-imap-flag-handling.patch
+ upstream/imap-poll-timeout.patch
+ upstream/maildir-hash.patch
+ upstream/886104-abort_noattach.patch
-- Antonio Radici <email address hidden> Sun, 27 May 2018 16:23:01 +0100
-
mutt (1.9.5-2) unstable; urgency=medium
* Restore the abort_noattach patch which is upstream but not in the branch
used for the 1.9.5 release (Closes: 895861, 895794).
-- Antonio Radici <email address hidden> Thu, 19 Apr 2018 06:39:19 +0100
-
mutt (1.9.4-3) unstable; urgency=medium
* debian/patches:
+ added upstream/886104-abort_noattach.patch which replaces the patch in
the previous version
-- Antonio Radici <email address hidden> Tue, 13 Mar 2018 21:12:25 +0000
-
mutt (1.9.4-2) unstable; urgency=medium
* debian/patches:
+ added debian-specific/886104-abort_noattach.patch (Closes: 886104).
-- Antonio Radici <email address hidden> Tue, 06 Mar 2018 21:05:29 +0000
-
mutt (1.9.3-1) unstable; urgency=medium
* New upstream release.
-- Antonio Radici <email address hidden> Sat, 27 Jan 2018 21:12:29 +0000
-
mutt (1.9.2-1) unstable; urgency=medium
* New upstream release.
-- Antonio Radici <email address hidden> Sat, 16 Dec 2017 09:13:04 +0000
-
mutt (1.9.1-5) unstable; urgency=medium
* debian/NEWS: adding a more detailed message about the new mailcap behavior
for text/html content.
* debian/{rules,control}: removed any reference to notmuch.
* Bumped Standards-Version to 4.1.1; no changes required.
* debian/patches:
+ rewrote Md.etc_mailname_gethostbyname.patch and renamed it to
882690-use_fqdn_from_etc_mailname.patch (Closes: 882690)
* bumped dh compat to 10, removed B-D on dh_autoreconf (now it's a
dependency of dh).
-- Antonio Radici <email address hidden> Sat, 25 Nov 2017 18:23:05 +0000
-
mutt (1.8.3+neomutt20170609-2) unstable; urgency=medium
* debian/patches:
+ upstream/644992-ipv6-literal.patch removed, already upstream.
+ upstream/771125-CVE-2014-9116-jessie.patch removed, already upstream.
+ upstream/865822-restore-defaults.patch created to set the default values
of variables after they have been set in the init function
(Closes: 865842, 865822).
-- Antonio Radici <email address hidden> Sun, 25 Jun 2017 10:00:09 +0100
