Security patches not applied to xenial mutt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mutt (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
Steve Beattie |
Bug Description
Hi,
The version of mutt in 16.04 LTS (1.5.24-1ubuntu0.1) seems to be missing all ubuntu supplied security patches. In particular, the following list:
ubuntu/
ubuntu/
ubuntu/
ubuntu/
ubuntu/
ubuntu/
ubuntu/
ubuntu/
ubuntu/
...is NOT applied to the standard mutt version, only to the "enhanced" version.
Output of mutt -v shows the list of applied patches (see bottom):
Mutt 1.5.24 (2015-08-30)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 4.15.0-35-generic (x86_64)
ncurses: ncurses 6.0.20160213 (compiled with 6.0)
libidn: 1.32 (compiled with 1.32)
hcache backend: tokyocabinet 1.4.48
Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-
Thread model: posix
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~
Configure options: '--prefix=/usr' '--sysconfdir=/etc' '--mandir=
Compilation CFLAGS: -g -O2 -fstack-
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP +USE_SMTP
-USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +COMPRESSED +HAVE_WC_FUNCS +HAVE_LANGINFO_
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
-ISPELL
SENDMAIL=
MAILPATH=
PKGDATADIR=
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER=
To contact the developers, please mail to <email address hidden>.
To report a bug, please visit http://
misc/am-
features/
features/
features/
features/
features/
features/
features/
debian-
debian-
debian-
debian-
debian-
debian-
debian-
debian-
debian-
misc/define-
misc/gpg.
misc/smime.rc.patch
misc/fix-
upstream/
upstream/
upstream/
upstream/
upstream/
upstream/
upstream/
upstream/
upstream/
upstream/
upstream/
translations/
__separator_
It would appear that the maintainer who applied the security patches was insufficiently aware of the hack used to generate the normal and patched versions of the package.
cheers,
Wessel Dankers
Thanks for the report.