A weakness was discovered in Mutt and NeoMutt's TLS handshake handling
|Package||mail-client/mutt on all architectures|
|Affected versions||< 2.0.2|
|Unaffected versions||>= 2.0.2|
|Package||mail-client/neomutt on all architectures|
|Affected versions||< 20201120|
|Unaffected versions||>= 20201120|
Mutt is a small but very powerful text-based mail client.
NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt with added features.
A weakness in TLS handshake handling was found which may allow information disclosure.
A remote attacker may be able to cause information disclosure.
There is no known workaround at this time.
All Mutt users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mutt-2.0.2"
All NeoMutt users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/neomutt-20201120"