Hello Mutt Users,I've just released version 1.14.4. Instructions for downloading are available at <http://www.mutt.org/download.html>, or the tarball can be directly downloaded from <http://ftp.mutt.org/pub/mutt/>. Please take the time to verify the signature file against my public key.
This is an important security release fixing a possible machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP. (For packagers, I've requested a CVE and will update the website when I have the number).
Thanks again to Damian Poddebniak and Fabian Ising from the Münster University of Applied Sciences for reporting this issue, including providing exhaustive tests.
-Kevin
signature.asc
Description: PGP signature
