Alejandro Colomar via Mutt-dev wrote in <rqwlwaj5fzwjmp3kuaodqemh5gjldxovuo6l5g5gjajetdrnxn@h7r6iay6d453>: |Hi, | |There are 3 new CVEs that affect both neomutt(1) and mutt(1). | |<https://www.cve.org/CVERecord?id=CVE-2024-49393> | <https://github.com/neomutt/neomutt/issues/4223> |<https://www.cve.org/CVERecord?id=CVE-2024-49394> | <https://github.com/neomutt/neomutt/issues/4226> |<https://www.cve.org/CVERecord?id=CVE-2024-49395> | <https://github.com/neomutt/neomutt/issues/4234> | |The first two are already fixed in neomutt(1). The third one is not yet |fixed.
That latter one is interesting as the person who wrote the S/MIME part of the MUA i maintain now (since a decade after that addition) did not even bother to support that encrypt-for-multiple-at-once mode, but only supported individual encryption to each encrypted email receiver; ie, individual message creation and sendout per-receiver, then. (And that, in turn, seems to become the default even on SMTP level if the fastmail CEO gets through his DKIM2, or, lesser likely, that Google employee gets through his "resistant ARC". The MUA i maintain will, shall i live long enough, at one day support that mode mutt already supports, too.) --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | |And in Fall, feel "The Dropbear Bard"s ball(s). | |The banded bear |without a care, |Banged on himself fore'er and e'er | |Farewell, dear collar bear
