Index: mail/mutt/Makefile
===================================================================
--- mail/mutt/Makefile
+++ mail/mutt/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	mutt
-DISTVERSION=	1.10.0
-PORTREVISION?=	1
+DISTVERSION=	1.10.1
 CATEGORIES+=	mail ipv6
 MASTER_SITES=	ftp://ftp.mutt.org/pub/mutt/ \
 		ftp://ftp.fu-berlin.de/pub/unix/mail/mutt/ \
Index: mail/mutt/distinfo
===================================================================
--- mail/mutt/distinfo
+++ mail/mutt/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1531128584
-SHA256 (mutt/mutt-1.10.0.tar.gz) = 0215b5f90ef9cc33441a6ca842379b64412ed7f8da83ed68bfaa319179f5535b
-SIZE (mutt/mutt-1.10.0.tar.gz) = 4249980
+TIMESTAMP = 1531761572
+SHA256 (mutt/mutt-1.10.1.tar.gz) = 734a3883158ec3d180cf6538d8bd7f685ce641d2cdef657aa0038f76e79a54a0
+SIZE (mutt/mutt-1.10.1.tar.gz) = 4255890
 SHA256 (mutt/mutt-1.10.0.vc.greeting) = e33b0659290cfbcff0055a5e3ec0762fed7eb76127e0c29cd00586d62cb92df8
 SIZE (mutt/mutt-1.10.0.vc.greeting) = 4560
 SHA256 (mutt/patch-1.10.0.vvv.nntp.gz) = 895c168f00cd073234c6cbb0d6972b5b390c64bf9ee5a13f58e0ea0652cabe4a
Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml
+++ security/vuxml/vuln.xml
@@ -58,6 +58,62 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="a2f35081-8a02-11e8-8fa5-4437e6ad11c4">
+    <topic>mutt -- remote code injection and path traversal vulnerability</topic>
+    <affects>
+      <package>
+	<name>mutt</name>
+	<range><lt>1.10.1</lt></range>
+       </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Kevin J. McCarthy reports:</p>
+	<blockquote cite="http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html">
+	  <p>Fixes a remote code injection vulnerability when "subscribing"
+	     to an IMAP mailbox, either via $imap_check_subscribed, or via the
+	     &lt;subscribe&gt; function in the browser menu.  Mutt was generating a
+	     "mailboxes" command and sending that along to the muttrc parser.
+	     However, it was not escaping "`", which executes code and inserts
+	     the result.  This would allow a malicious IMAP server to execute
+	     arbitrary code (for $imap_check_subscribed).</p>
+	    <p>Fixes POP body caching path traversal vulnerability.</p>
+	    <p>Fixes IMAP header caching path traversal vulnerability.</p>
+	    <p>CVE-2018-14349 - NO Response Heap Overflow</p>
+	    <p>CVE-2018-14350 - INTERNALDATE Stack Overflow</p>
+	    <p>CVE-2018-14351 - STATUS Literal Length relative write</p>
+	    <p>CVE-2018-14352 - imap_quote_string off-by-one stack overflow</p>
+	    <p>CVE-2018-14353 - imap_quote_string int underflow</p>
+	    <p>CVE-2018-14354 - imap_subscribe Remote Code Execution</p>
+	    <p>CVE-2018-14355 - STATUS mailbox header cache directory traversal</p>
+	    <p>CVE-2018-14356 - POP empty UID NULL deref</p>
+	    <p>CVE-2018-14357 - LSUB Remote Code Execution</p>
+	    <p>CVE-2018-14358 - RFC822.SIZE Stack Overflow</p>
+	    <p>CVE-2018-14359 - base64 decode Stack Overflow</p>
+	    <p>CVE-2018-14362 - POP Message Cache Directory Traversal</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-14349</cvename>
+      <cvename>CVE-2018-14350</cvename>
+      <cvename>CVE-2018-14351</cvename>
+      <cvename>CVE-2018-14352</cvename>
+      <cvename>CVE-2018-14353</cvename>
+      <cvename>CVE-2018-14354</cvename>
+      <cvename>CVE-2018-14355</cvename>
+      <cvename>CVE-2018-14356</cvename>
+      <cvename>CVE-2018-14357</cvename>
+      <cvename>CVE-2018-14358</cvename>
+      <cvename>CVE-2018-14359</cvename>
+      <cvename>CVE-2018-14362</cvename>
+      <url>http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html</url>
+    </references>
+    <dates>
+      <discovery>2018-07-15</discovery>
+      <entry>2018-07-17</entry>
+    </dates>
+  </vuln>
   <vuln vid="20a1881e-8a9e-11e8-bddf-d017c2ca229d">
     <topic>jenkins -- multiple vulnerabilities</topic>
     <affects>
@@ -172,6 +228,63 @@
     </dates>
   </vuln>
 
+  <vuln vid="a2f35081-8a02-11e8-8fa5-4437e6ad11c4">
+    <topic>mutt -- remote code injection and path traversal vulnerability</topic>
+    <affects>
+      <package>
+	<name>mutt</name>
+	<range><lt>1.10.1</lt></range>
+       </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Kevin J. McCarthy reports:</p>
+	<blockquote cite="http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html">
+	  <p>Fixes a remote code injection vulnerability when "subscribing"
+	     to an IMAP mailbox, either via $imap_check_subscribed, or via the
+	     &lt;subscribe&gt; function in the browser menu.  Mutt was generating a
+	     "mailboxes" command and sending that along to the muttrc parser.
+	     However, it was not escaping "`", which executes code and inserts
+	     the result.  This would allow a malicious IMAP server to execute
+	     arbitrary code (for $imap_check_subscribed).</p>
+	    <p>Fixes POP body caching path traversal vulnerability.</p>
+	    <p>Fixes IMAP header caching path traversal vulnerability.</p>
+	    <p>CVE-2018-14349 - NO Response Heap Overflow</p>
+	    <p>CVE-2018-14350 - INTERNALDATE Stack Overflow</p>
+	    <p>CVE-2018-14351 - STATUS Literal Length relative write</p>
+	    <p>CVE-2018-14352 - imap_quote_string off-by-one stack overflow</p>
+	    <p>CVE-2018-14353 - imap_quote_string int underflow</p>
+	    <p>CVE-2018-14354 - imap_subscribe Remote Code Execution</p>
+	    <p>CVE-2018-14355 - STATUS mailbox header cache directory traversal</p>
+	    <p>CVE-2018-14356 - POP empty UID NULL deref</p>
+	    <p>CVE-2018-14357 - LSUB Remote Code Execution</p>
+	    <p>CVE-2018-14358 - RFC822.SIZE Stack Overflow</p>
+	    <p>CVE-2018-14359 - base64 decode Stack Overflow</p>
+	    <p>CVE-2018-14362 - POP Message Cache Directory Traversal</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-14349</cvename>
+      <cvename>CVE-2018-14350</cvename>
+      <cvename>CVE-2018-14351</cvename>
+      <cvename>CVE-2018-14352</cvename>
+      <cvename>CVE-2018-14353</cvename>
+      <cvename>CVE-2018-14354</cvename>
+      <cvename>CVE-2018-14355</cvename>
+      <cvename>CVE-2018-14356</cvename>
+      <cvename>CVE-2018-14357</cvename>
+      <cvename>CVE-2018-14358</cvename>
+      <cvename>CVE-2018-14359</cvename>
+      <cvename>CVE-2018-14362</cvename>
+      <url>http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html</url>
+    </references>
+    <dates>
+      <discovery>2018-07-15</discovery>
+      <entry>2018-07-17</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="ef013039-89cd-11e8-84e9-00e04c1ea73d">
     <topic>typo3 -- multiple vulnerabilities</topic>
     <affects>