{"affected":[{"ecosystem_specific":{"binaries":[{"neomutt":"20220429-bp154.2.3.1","neomutt-doc":"20220429-bp154.2.3.1","neomutt-lang":"20220429-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"neomutt","purl":"pkg:rpm/suse/neomutt&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20220429-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"neomutt":"20220429-bp154.2.3.1","neomutt-doc":"20220429-bp154.2.3.1","neomutt-lang":"20220429-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"neomutt","purl":"pkg:rpm/opensuse/neomutt&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20220429-bp154.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for neomutt fixes the following issues:\n\nneomutt was updated to 20220429:\n\n* Bug Fixes\n* Do not crash on an invalid use_threads/sort combination\n* Fix: stuck browser cursor\n* Resolve (move) the cursor after <edit-label>\n* Index: fix menu size on new mail\n* Don't overlimit LMDB mmap size\n* OpenBSD y/n translation fix\n* Generic: split out OP_EXIT binding\n* Fix parsing of sendmail cmd\n* Fix: crash with menu_move_off=no\n* Newsrc: bugfix; nntp_user and nntp_pass ignored\n* Menu: ensure config changes cause a repaint\n* Mbox: fix sync duplicates\n* Make sure the index redraws all that's needed\n* Translations\n* 100% Chinese (Simplified)\n* 100% Czech\n* 100% German\n* 100% Hungarian\n* 100% Lithuanian\n* 100% Serbian\n* 100% Turkish\n* Docs\n* add missing pattern modifier ~I for external_search_command\n* Code\n* menu: eliminate custom_redraw()\n* modernise mixmaster\n* Kill global and Propagate display attach status through State- \n\nneomutt was updated to 20220415:\n\n* Security\n* Fix uudecode buffer overflow (CVE-2022-1328)\n* Features\n* Colours, colours, colours\n* Bug Fixes\n* Pager: fix pager_stop\n* Merge colours with normal\n* Color: disable mono command\n* Fix forwarding text attachments when honor_disposition is set\n* Pager: drop the nntp change-group bindings\n* Use mailbox_check flags coherently, add IMMEDIATE flag\n* Fix: tagging in attachment list\n* Fix: misalignment of mini-index\n* Make sure to update the menu size after a resort\n* Translations\n* 100% Hungarian\n* Build\n* Update acutest\n* Code\n* Unify pipe functions\n* Index: notify if navigation fails\n* Gui: set colour to be merged with normal\n* Fix: leak in tls_check_one_certificate()\n* Upstream\n* Flush iconv() in mutt_convert_string()\n* Fix integer overflow in mutt_convert_string()\n* Fix uudecode cleanup on unexpected eof\n\nupdate to 20220408:\n\n* Compose multipart emails\n* Fix screen mode after attempting decryption\n* imap: increase max size of oauth2 token\n* Fix autocrypt\n* Unify Alias/Query workflow\n* Fix colours\n* Say which file exists when saving attachments\n* Force SMTP authentication if `smtp_user` is set\n* Fix selecting the right email after limiting\n* Make sure we have enough memory for a new email\n* Don't overwrite with zeroes after unlinking the file\n* Fix crash when forwarding attachments\n* Fix help reformatting on window resize\n* Fix poll to use PollFdsCount and not PollFdsLen\n* regex: range check arrays strictly\n* Fix Coverity defects\n* Fix out of bounds write with long log lines\n* Apply `fast_reply` to 'to', 'cc', or 'bcc'\n* Prevent warning on empty emails\n* New default: `set rfc2047_parameters = yes`\n* 100% German\n* 100% Lithuanian\n* 100% Serbian\n* 100% Czech\n* 100% Turkish\n* 72% Hungarian\n* Improve header cache explanation\n* Improve description of some notmuch variables\n* Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()`\n* Document config synonyms and deprecations\n* Create lots of GitHub Actions\n* Drop TravisCI\n* Add automated Fuzzing tests\n* Add automated ASAN tests\n* Create Dockers for building Centos/Fedora\n* Build fixes for Solaris 10\n* New libraries: browser, enter, envelope\n* New configure options: `--fuzzing` `--debug-color` `--debug-queue`\n* Split Index/Pager GUIs/functions\n* Add lots of function dispatchers\n* Eliminate `menu_loop()`\n* Refactor function opcodes\n* Refactor cursor setting\n* Unify Alias/Query functions\n* Refactor Compose/Envelope functions\n* Modernise the Colour handling\n* Refactor the Attachment View\n* Eliminate the global `Context`\n* Upgrade `mutt_get_field()`\n* Refactor the `color quoted` code\n* Fix lots of memory leaks\n* Refactor Index resolve code\n* Refactor PatternList parsing\n* Refactor Mailbox freeing\n* Improve key mapping\n* Factor out charset hooks\n* Expose mutt_file_seek API\n* Improve API of `strto*` wrappers\n* imap QRESYNC fixes\n* Allow an empty To: address prompt\n* Fix argc==0 handling\n* Don't queue IMAP close commands\n* Fix IMAP UTF-7 for code points >= U+10000\n* Don't include inactive messages in msgset generation\n\nupdate to 20211029 (boo#1185705, CVE-2021-32055):\n\n* Notmuch: support separate database and mail roots without .notmuch\n* fix notmuch crash on open failure\n* fix crypto crash handling pgp keys\n* fix ncrypt/pgp file_get_size return check\n* fix restore case-insensitive header sort\n* fix pager redrawing of long lines\n* fix notmuch: check database dir for xapian dir\n* fix notmuch: update index count after <entire-thread>\n* fix protect hash table against empty keys\n* fix prevent real_subj being set but empty\n* fix leak when saving fcc\n* fix leak after <edit-or-view-raw-message>\n* fix leak after trash to hidden mailbox\n* fix leak restoring postponed emails\n* fix new mail notifications\n* fix pattern compilation error for ( !>(~P) )\n* fix menu display on window resize\n* Stop batch mode emails with no argument or recipients\n* Add sanitize call in print mailcap function\n* fix hdr_order to use the longest match\n* fix (un)setenv to not return an error with unset env vars\n* fix Imap sync when closing a mailbox\n* fix segfault on OpenBSD current\n* sidebar: restore sidebar_spoolfile colour\n* fix assert when displaying a file from the browser\n* fix exec command in compose\n* fix check_stats for Notmuch mailboxes\n* Fallback: Open Notmuch database without config\n* fix gui hook commands on startup\n* threads: implement the $use_threads feature\n* https://neomutt.org/feature/use-threads\n* hooks: allow a -noregex param to folder and mbox hooks\n* mailing lists: implement list-(un)subscribe using RFC2369 headers\n* mailcap: implement x-neomutt-nowrap flag\n* pager: add $local_date_header option\n* imap, smtp: add support for authenticating using XOAUTH2\n* Allow <sync-mailbox> to fail quietly\n* imap: speed up server-side searches\n* pager: improve skip-quoted and skip-headers\n* notmuch: open database with user's configuration\n* notmuch: implement <vfolder-window-reset>\n* config: allow += modification of my_ variables\n* notmuch: tolerate file renames behind neomutt's back\n* pager: implement $pager_read_delay\n* notmuch: validate nm_query_window_timebase\n* notmuch: make $nm_record work in non-notmuch mailboxes\n* compose: add $greeting - a welcome message on top of emails\n* notmuch: show additional mail in query windows\n* imap: fix crash on external IMAP events\n* notmuch: handle missing libnotmuch version bumps\n* imap: add sanity check for qresync\n* notmuch: allow windows with 0 duration\n* index: fix index selection on <collapse-all>\n* imap: fix crash when sync'ing labels\n* search: fix searching by Message-Id in <mark-message>\n* threads: fix double sorting of threads\n* stats: don't check mailbox stats unless told\n* alias: fix crash on empty query\n* pager: honor mid-message config changes\n* mailbox: don't propagate read-only state across reopens\n* hcache: fix caching new labels in the header cache\n* crypto: set invalidity flags for gpgme/smime keys\n* notmuch: fix parsing of multiple type=\n* notmuch: validate $nm_default_url\n* messages: avoid unnecessary opening of messages\n* imap: fix seqset iterator when it ends in a comma\n* build: refuse to build without pcre2 when pcre2 is linked in ncurses\n","id":"openSUSE-SU-2022:10020-1","modified":"2022-06-21T12:01:18Z","published":"2022-06-21T12:01:18Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YAIJ2AOB7KV4ZEDS2ZHBBCKGSPYKSKDI/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184787"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185705"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32055"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-1328"}],"related":["CVE-2021-32055","CVE-2022-1328"],"summary":"Security update for neomutt","upstream":["CVE-2021-32055","CVE-2022-1328"]}