mutt-1.2.5.1 and mutt-1.3.25 have just been released. These releases both fix a security hole which can be remotely exploited. The problem was found and a fix suggested by Joost Pol <[EMAIL PROTECTED]>. Thanks for that.
mutt-1.2.5.1 is released as an update to the last stable version of mutt, mutt-1.2.5. The ONLY relevant change in this version is the fix mentioned above. No other bugs present in 1.2.5 have been fixed. You only want to upgrade to this version of mutt if you absolutely have to stick with the mutt-1.2 series. mutt-1.3.25 is the latest BETA version of mutt, and very close to what will eventually become mutt-1.4. Personally, I'd recommend that you download and use this version. The tar balls, with detached PGP signatures, will be available from <ftp://ftp.mutt.org/pub/mutt/> in some minutes. As an alternative, you can apply the patch available from <ftp://ftp.mutt.org/pub/mutt/patch-1.2,3.rfc822_terminate.1> to any 1.2 or 1.3 series mutt source code, and rebuild. I apologize for the problem, and wish all of you a happy new year. -- Thomas Roessler http://log.does-not-exist.org/
msg22074/pgp00000.pgp
Description: PGP signature
