dgit.raspbian.org Git - dovecot.git/log

dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium

  * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when
    invalid base64 SASL input is received
  * [fee7a9a] CVE-2025-59031: stop shipping the decode2text shell script
  * [9a4442e] CVE-2025-59032: managesieve-login: Fix crash when command
    didn't finish on the first call
  * [2711b3e] CVE-2026-24031, CVE-2026-27860: auth: fix ldap and sql
    injection
  * [d30f1c3] CVE-2026-27855: fix OTP authentication reply vulnerability
  * [e1b0ff7] CVE-2026-27856: doveadm: fix timing oracle attack
  * [b8a69bf] CVE-2026-27857: fix resource exhaustion DoS in NOOP command
    parsing
  * [85dd068] CVE-2026-27858: fix pre-authentication managesieve memory
    consumption issue
  * [880e332] CVE-2026-27859: fix uncontrolled resource allocation when
    delivering specially crafted email messages

[dgit import unpatched dovecot 1:2.4.1+dfsg1-6+deb13u4]

Import dovecot_2.4.1+dfsg1-6+deb13u4.debian.tar.xz

[dgit import tarball dovecot 1:2.4.1+dfsg1-6+deb13u4 dovecot_2.4.1+dfsg1-6+deb13u4.debian.tar.xz]

Import dovecot_2.4.1+dfsg1.orig.tar.gz

[dgit import orig dovecot_2.4.1+dfsg1.orig.tar.gz]

Import dovecot_2.4.1+dfsg1.orig-pigeonhole.tar.gz

[dgit import orig dovecot_2.4.1+dfsg1.orig-pigeonhole.tar.gz]