projects / dovecot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: b6de8b6 5906ffc)
Merge version 1:2.4.1+dfsg1-6+rpi1+deb13u3 and 1:2.4.1+dfsg1-6+deb13u6 to produce... trixie-staging archive/raspbian/1%2.4.1+dfsg1-6+rpi1+deb13u6 raspbian/1%2.4.1+dfsg1-6+rpi1+deb13u6
authorRaspbian automatic forward porter <root@raspbian.org>
Sun, 31 May 2026 20:32:40 +0000 (21:32 +0100)
committerRaspbian automatic forward porter <root@raspbian.org>
Sun, 31 May 2026 20:32:40 +0000 (21:32 +0100)
1  2 
debian/changelog patch | diff1 | diff2 | blob | history
debian/rules patch | diff1 | diff2 | blob | history

diff --cc debian/changelog
index 35dcc102f9a049c3149ba274422982484accc54b,65d96f21e80fbb311357c765f56734a95583e8ce..1dd5d97a80c53812f5df85363b9f0b9b041c28e3
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,43 +1,50 @@@
- dovecot (1:2.4.1+dfsg1-6+rpi1+deb13u3) trixie-staging; urgency=medium
++dovecot (1:2.4.1+dfsg1-6+rpi1+deb13u6) trixie-staging; urgency=medium
 +
 +  [changes brought forward from 1:2.3.21+dfsg1-3+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 20 Jun 2024 17:16:27 +0000]
 +  * Disablte testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Tue, 17 Mar 2026 14:28:20 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Sun, 31 May 2026 20:32:39 +0000
++
+ dovecot (1:2.4.1+dfsg1-6+deb13u6) trixie-security; urgency=medium
+   * Security update (Closes: #1136444)
+   * [76ceed4] CVE-2026-27851: lib-var-expand: Reset safe state when
+     transfer is unset
+   * [4af6fb3] CVE-2026-40016: lib-sieve: Enforce CPU time limit within
+     :contains and :matches matcher loops
+   * [366ef61] CVE-2026-33603: login-common: Only accept base64 in sasl
+   * [26bd41e] CVE-2026-40020: IMAP folders can be shared-spammed to
+     everyone.
+   * [b6f5bac] CVE-2026-42006: imap-login: Excessive memory usage DoS
+  -- Noah Meyerhans <noahm@debian.org>  Mon, 18 May 2026 16:03:51 -0400
+ dovecot (1:2.4.1+dfsg1-6+deb13u5) trixie; urgency=medium
+   * [b357180] autopkgtests: Add managesieved authentication test
+   * [c9d69a1] Fix memory leak in CVE-2026-27857 fix
+  -- Noah Meyerhans <noahm@debian.org>  Wed, 06 May 2026 15:18:43 -0400
+ dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium
+   * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when
+     invalid base64 SASL input is received
+   * [fee7a9a] CVE-2025-59031: stop shipping the decode2text shell script
+   * [9a4442e] CVE-2025-59032: managesieve-login: Fix crash when command
+     didn't finish on the first call
+   * [2711b3e] CVE-2026-24031, CVE-2026-27860: auth: fix ldap and sql
+     injection
+   * [d30f1c3] CVE-2026-27855: fix OTP authentication reply vulnerability
+   * [e1b0ff7] CVE-2026-27856: doveadm: fix timing oracle attack
+   * [b8a69bf] CVE-2026-27857: fix resource exhaustion DoS in NOOP command
+     parsing
+   * [85dd068] CVE-2026-27858: fix pre-authentication managesieve memory
+     consumption issue
+   * [880e332] CVE-2026-27859: fix uncontrolled resource allocation when
+     delivering specially crafted email messages
+  -- Noah Meyerhans <noahm@debian.org>  Tue, 31 Mar 2026 15:07:17 -0400
  
  dovecot (1:2.4.1+dfsg1-6+deb13u3) trixie; urgency=medium
  
diff --cc debian/rules
Simple merge
Unnamed repository; edit this file 'description' to name the repository.