From: Raspbian automatic forward porter <root@raspbian.org>
Date: Tue, 19 May 2026 21:45:11 +0000 (+0100)
Subject: Merge version 1:2.4.1+dfsg1-6+rpi1+deb13u3 and 1:2.4.1+dfsg1-6+deb13u5 to produce... 
X-Git-Tag: archive/raspbian/1%2.4.1+dfsg1-6+rpi1+deb13u5^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ca1069e69ffa933a9b837b31b99b7902673af4d2;p=dovecot.git

Merge version 1:2.4.1+dfsg1-6+rpi1+deb13u3 and 1:2.4.1+dfsg1-6+deb13u5 to produce 1:2.4.1+dfsg1-6+rpi1+deb13u5
---

ca1069e69ffa933a9b837b31b99b7902673af4d2
diff --cc debian/changelog
index 35dcc10,a68cb29..025edd4
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,29 +1,36 @@@
- dovecot (1:2.4.1+dfsg1-6+rpi1+deb13u3) trixie-staging; urgency=medium
++dovecot (1:2.4.1+dfsg1-6+rpi1+deb13u5) trixie-staging; urgency=medium
 +
 +  [changes brought forward from 1:2.3.21+dfsg1-3+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 20 Jun 2024 17:16:27 +0000]
 +  * Disablte testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Tue, 17 Mar 2026 14:28:20 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Tue, 19 May 2026 21:45:11 +0000
++
+ dovecot (1:2.4.1+dfsg1-6+deb13u5) trixie; urgency=medium
+ 
+   * [b357180] autopkgtests: Add managesieved authentication test
+   * [c9d69a1] Fix memory leak in CVE-2026-27857 fix
+ 
+  -- Noah Meyerhans <noahm@debian.org>  Wed, 06 May 2026 15:18:43 -0400
+ 
+ dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium
+ 
+   * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when
+     invalid base64 SASL input is received
+   * [fee7a9a] CVE-2025-59031: stop shipping the decode2text shell script
+   * [9a4442e] CVE-2025-59032: managesieve-login: Fix crash when command
+     didn't finish on the first call
+   * [2711b3e] CVE-2026-24031, CVE-2026-27860: auth: fix ldap and sql
+     injection
+   * [d30f1c3] CVE-2026-27855: fix OTP authentication reply vulnerability
+   * [e1b0ff7] CVE-2026-27856: doveadm: fix timing oracle attack
+   * [b8a69bf] CVE-2026-27857: fix resource exhaustion DoS in NOOP command
+     parsing
+   * [85dd068] CVE-2026-27858: fix pre-authentication managesieve memory
+     consumption issue
+   * [880e332] CVE-2026-27859: fix uncontrolled resource allocation when
+     delivering specially crafted email messages
+ 
+  -- Noah Meyerhans <noahm@debian.org>  Tue, 31 Mar 2026 15:07:17 -0400
  
  dovecot (1:2.4.1+dfsg1-6+deb13u3) trixie; urgency=medium