Search for packages
| purl | pkg:deb/debian/neomutt@20250510%2Bdfsg-2~bpo12%2B1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-fghw-2zx6-x3fk | In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. |
CVE-2024-49393
|
| VCID-qesx-tb3p-kuhx | In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. |
CVE-2024-49394
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T01:26:06.285166+00:00 | Debian Importer | Fixing | VCID-fghw-2zx6-x3fk | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T23:10:40.131001+00:00 | Debian Importer | Fixing | VCID-qesx-tb3p-kuhx | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |