Mandriva Linux Security Advisory 2012-048 - Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. The updated packages have been patched to correct this issue.
f39d53e6a1bd858ad8d3e9bea71a663fd9dd6cc3cd6f65b648a939ff4b8ab898