Merge version 1:2.4.1+dfsg1-6+rpi1+deb13u3 and 1:2.4.1+dfsg1-6+deb13u4 to produce...

diff --cc debian/changelog
index 35dcc102f9a049c3149ba274422982484accc54b,fdccfe1c53ed34b3853f9fb8185abab982c328ac..72f112be348540d8c6c6dd182179ba873c7ed4dd
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,22 +1,29 @@@
- dovecot (1:2.4.1+dfsg1-6+rpi1+deb13u3) trixie-staging; urgency=medium
++dovecot (1:2.4.1+dfsg1-6+rpi1+deb13u4) trixie-staging; urgency=medium
 +
 +  [changes brought forward from 1:2.3.21+dfsg1-3+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 20 Jun 2024 17:16:27 +0000]
 +  * Disablte testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Tue, 17 Mar 2026 14:28:20 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 09 Apr 2026 19:39:00 +0000
++
+ dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium
+ 
+   * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when
+     invalid base64 SASL input is received
+   * [fee7a9a] CVE-2025-59031: stop shipping the decode2text shell script
+   * [9a4442e] CVE-2025-59032: managesieve-login: Fix crash when command
+     didn't finish on the first call
+   * [2711b3e] CVE-2026-24031, CVE-2026-27860: auth: fix ldap and sql
+     injection
+   * [d30f1c3] CVE-2026-27855: fix OTP authentication reply vulnerability
+   * [e1b0ff7] CVE-2026-27856: doveadm: fix timing oracle attack
+   * [b8a69bf] CVE-2026-27857: fix resource exhaustion DoS in NOOP command
+     parsing
+   * [85dd068] CVE-2026-27858: fix pre-authentication managesieve memory
+     consumption issue
+   * [880e332] CVE-2026-27859: fix uncontrolled resource allocation when
+     delivering specially crafted email messages
+ 
+  -- Noah Meyerhans <noahm@debian.org>  Tue, 31 Mar 2026 15:07:17 -0400
  
  dovecot (1:2.4.1+dfsg1-6+deb13u3) trixie; urgency=medium
  

diff --cc debian/rules
Simple merge