mutt 2.2.3 released - fixes CVE-2022-1328

[Alan Coopersmith <alan.coopersmith () oracle com>]

https://marc.info/?l=mutt-users&m=164979464612885&w=2 says:

> From: "Kevin J. McCarthy" <kevin () 8t8 ! us>
> Date: Tue, 12 Apr 2022 20:16:44 +0000
> To: mutt-users
> Subject: mutt 2.2.3 released
>
> Hello Mutt Users,
>
> I've just released version 2.2.3.  Instructions for downloading are 
> available at <http://www.mutt.org/download.html>, or the tarball can be 
> directly downloaded from <http://ftp.mutt.org/pub/mutt/>.  Please take 
> the time to verify the signature file against my public key[1].
>
> This is a bug-fix release, addressing CVE-2022-1328: a buffer overread 
> in the uuencoded decoder routine.  For more details please see GitLab 
> ticket 404: <https://gitlab.com/muttmua/mutt/-/issues/404>.  The commit 
> fixing this issue is at 
> <https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5>
>
> Also fixed were a possible integer overflow issue in the general iconv 
> and rfc2047-conversion iconv functions.  These are not believed to be 
> exploitable.
>
> A huge thank you to Tavis Ormandy for reporting these issues, suggesting 
> a patch for the iconv issue, helping test, and providing constructive 
> feedback.  Hurray for the white-hats!
>
> -Kevin
>
> [1]
> My public key is available at:
>    - my personal website: https://www.8t8.us/configs/80316BDA.asc.pubkey
>    - the mutt website: http://www.mutt.org/keys/kevin.key
>    - The keys.openpgp.org network
>      https://keys.openpgp.org/vks/v1/by-fingerprint/8975A9B33AA37910385C5308ADEF768480316BDA

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris