From: Raspbian automatic forward porter Date: Thu, 28 May 2026 20:27:59 +0000 (+0100) Subject: Merge version 1:2.4.3+dfsg1-2+rpi1 and 1:2.4.4+dfsg1-1 to produce 1:2.4.4+dfsg1-1... X-Git-Tag: archive/raspbian/1%2.4.4+dfsg1-1+rpi1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4d63f022df0a67ee1bd91944200a0297758c88a9;p=dovecot.git Merge version 1:2.4.3+dfsg1-2+rpi1 and 1:2.4.4+dfsg1-1 to produce 1:2.4.4+dfsg1-1+rpi1 --- 4d63f022df0a67ee1bd91944200a0297758c88a9 diff --cc debian/changelog index a57cdfa,94f48a3..764baa9 --- a/debian/changelog +++ b/debian/changelog @@@ -1,9 -1,25 +1,32 @@@ - dovecot (1:2.4.3+dfsg1-2+rpi1) forky-staging; urgency=medium ++dovecot (1:2.4.4+dfsg1-1+rpi1) forky-staging; urgency=medium + + [changes brought forward from 1:2.3.21+dfsg1-3+rpi1 by Peter Michael Green at Thu, 20 Jun 2024 17:16:27 +0000] + * Disablte testsuite. + - -- Raspbian forward porter Sat, 18 Apr 2026 18:33:51 +0000 ++ -- Raspbian forward porter Thu, 28 May 2026 20:27:58 +0000 ++ + dovecot (1:2.4.4+dfsg1-1) unstable; urgency=medium + + [ Luca Boccassi ] + * [6261bfd] Install and use sysusers.d config file + + [ Noah Meyerhans ] + * [9a7a738] Add tests for bug 1134464 regression + * [6f1a08b] remove unreproducible TEST_DIR in dovecot-config + * [185a225] New upstream version 2.4.4+dfsg1 + - CVE-2026-27851: lib-var-expand: Safe filter leaks to all following pipelines + - CVE-2026-40016: Sieve :contains/:matches O(N×M) Substring Match Bypasses + sieve_max_cpu_time Limit (130× Overrun) + - CVE-2026-33603: login: Base64 input can contain tabs that bypass IPC + protection + - CVE-2026-40020: IMAP folders can be shared-spammed to everyone + - CVE-2026-42006: imap-login: Excessive memory usage DoS + (Closes: #1136444) + * [a6c0328] settings: Use correct symbol STORAGE_LDAP in settings-get.pl + * [874cea7] refresh patches + * [a4af2a3] Fix test failures on 32-bit systems + + -- Noah Meyerhans Thu, 14 May 2026 13:29:38 -0400 dovecot (1:2.4.3+dfsg1-2) unstable; urgency=medium