CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mutt	20.04 LTS focal	Fixed 1.13.2-1ubuntu0.1
	19.10 eoan	Fixed 1.10.1-2.1ubuntu0.1
	18.04 LTS bionic	Fixed 1.9.4-3ubuntu0.2
	16.04 LTS xenial	Fixed 1.5.24-1ubuntu0.3
	14.04 LTS trusty	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
mutt	Upstream: bb0e627 Upstream: 5fccf60 Upstream: f64ec1d

Severity score breakdown

Parameter	Value
Base score	4.8 · Medium
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-4401-1
Mutt vulnerabilities
22 June 2020

Other references

http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
http://www.mutt.org
https://www.cve.org/CVERecord?id=CVE-2020-14154