CVE-2006-5298

Publication date 16 October 2006

Last updated 17 July 2025

Ubuntu priority

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mutt	7.04 feisty	Fixed 1.5.13-1.1ubuntu3
	6.10 edgy	Fixed 1.5.12-1ubuntu1.1
	6.06 LTS dapper	Fixed 1.5.11-3ubuntu2.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-373-1
mutt vulnerabilities
1 November 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-5298