-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Mar 2026 15:07:17 -0400 Source: dovecot Architecture: source Version: 1:2.4.1+dfsg1-6+deb13u4 Distribution: trixie-security Urgency: medium Maintainer: Dovecot Maintainers <[email protected]> Changed-By: Noah Meyerhans <[email protected]> Changes: dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium . * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when invalid base64 SASL input is received * [fee7a9a] CVE-2025-59031: stop shipping the decode2text shell script * [9a4442e] CVE-2025-59032: managesieve-login: Fix crash when command didn't finish on the first call * [2711b3e] CVE-2026-24031, CVE-2026-27860: auth: fix ldap and sql injection * [d30f1c3] CVE-2026-27855: fix OTP authentication reply vulnerability * [e1b0ff7] CVE-2026-27856: doveadm: fix timing oracle attack * [b8a69bf] CVE-2026-27857: fix resource exhaustion DoS in NOOP command parsing * [85dd068] CVE-2026-27858: fix pre-authentication managesieve memory consumption issue * [880e332] CVE-2026-27859: fix uncontrolled resource allocation when delivering specially crafted email messages Checksums-Sha1: b3db22b138f9d0cbe40650dbb4d27ecbc9925d65 3977 dovecot_2.4.1+dfsg1-6+deb13u4.dsc 4b8c74f2802592a42ae4955996217b5cfbba4eeb 100072 dovecot_2.4.1+dfsg1-6+deb13u4.debian.tar.xz 61891f445e7c17c88ad12aabf684fa84d5592035 7820 dovecot_2.4.1+dfsg1-6+deb13u4_source.buildinfo Checksums-Sha256: cd374992aa78cb41e6ff54dfbe50b40d7cdfea443b880ac493f4f19f30efb3a4 3977 dovecot_2.4.1+dfsg1-6+deb13u4.dsc 2bb0003b2a1b4dd1afaf0d2cf6d292b81a1cf7ca4ac245a4a00a4bcaa19ae6aa 100072 dovecot_2.4.1+dfsg1-6+deb13u4.debian.tar.xz 126da75b2a8e358992c1756bd8b205d3c0dae1d97e6d63980b0144ead7e95366 7820 dovecot_2.4.1+dfsg1-6+deb13u4_source.buildinfo Files: b36c92466fd438d45773ccdeff19a74d 3977 mail optional dovecot_2.4.1+dfsg1-6+deb13u4.dsc bdd71809776b2e7122b77412089df922 100072 mail optional dovecot_2.4.1+dfsg1-6+deb13u4.debian.tar.xz b0afd337f38c77117e9c5288c0a86b1b 7820 mail optional dovecot_2.4.1+dfsg1-6+deb13u4_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5G+E0xEKhJuZ7RJ34+c1IpshdTUFAmnPFbQACgkQ4+c1Ipsh dTXYZBAAg4kmqGrTm1w4vibdN7kEccB6hMui6rIu14dUjIIYHsNHqK3BIvBmgRLj RD246lQsGFo8NisUbWJlfLZ9/OptQFxWd9B+4iZROxuVolgsk4QvM7yPYxld+Sd0 8yx3dnq4Zk355yyG2UrT53LK0UopjL/KDshtcPe3KsED0pGUiWTlVV8aYUKiUbgR e1iKjCpww1kFdHPeqxIamGsRbj3yG+fhN5CNAuScpl68NucRlG8Z7bR0yTihQDGG rAcoerZigD+tIzBR+MB96YZoS8fxhvZbTJDxF3UdTrp1KVTA4XuHqSRyryg3AZZg NtoKxDT6UNx8JuFGE1sC9qvec//dsYIV0kGIWNKcHWZ4OC7xSucIhlGTXfsQSwWn nqeQxXdqWNJjlspvua2rr9WiGSWX8bBSqy9sJ1TT3KZblh61iv/TU3x/lI9G3x1i M79j7cXcgg0qEE3ux+4Ao323pFdVog/ed9gvFRk2d4P6hCHguUy4cugOdtSaBQeI xBXkLpoMLWVDZvjlAaLEYfylCcoJobZmnhID1wgB3L/mRh2I2aK338luByF4iWje fLJD3cYm14dwUVejadp7RKsBr9/9hLlD2bF7nmFRcy/dCWn2ZPlOG7F61a2ujflp tWf4/BOm2iSuK8gyFy+Ts0eo2JgNqC0fAc1wDxVw4fNmC5buN64= =oDHB -----END PGP SIGNATURE-----
pgp7XJEBGgDQJ.pgp
Description: PGP signature
