-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Apr 2026 13:58:21 -0400
Source: dovecot
Architecture: source
Version: 1:2.3.19.1+dfsg1-2.1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Dovecot Maintainers <dovecot@packages.debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Changes:
dovecot (1:2.3.19.1+dfsg1-2.1+deb12u2) bookworm-security; urgency=medium
.
* [34fb460] import upstream fixes for several CVEs
- CVE-2025-59031: Remove unsafe decode2text shell script
- CVE-2025-59032: ManageSieve AUTHENTICATE command crashes when using
literal as SASL initial response
- CVE-2026-0394: potential path traversal when configured to use
per-domain passwd
- CVE-2026-27855: OTP driver vulnerable to replay attack.
- CVE-2026-27856: Doveadm credentials were not checked using
timing-safe checking function
- CVE-2026-27857: Sending excessive parenthesis causes imap-login to
use excessive memory
- CVE-2026-27858: managesieve-login can allocate large amount of
memory during authentication
- CVE-2026-27859: Excessive RFC 2231 MIME parameters in email would
cause excessive CPU usage
Checksums-Sha1:
742b204659e4a91420f807331d15728c063631e1 4198 dovecot_2.3.19.1+dfsg1-2.1+deb12u2.dsc
6a018dfeb06f3f7814cfc93128cc192478f60b60 85660 dovecot_2.3.19.1+dfsg1-2.1+deb12u2.debian.tar.xz
dc7b13f2d42fa414f8526f9d9767444befe3bdbb 8251 dovecot_2.3.19.1+dfsg1-2.1+deb12u2_source.buildinfo
Checksums-Sha256:
68052939d455ef97a4ddef10708a2d7852c7a4b281b3ae8349b04501c28e0f1e 4198 dovecot_2.3.19.1+dfsg1-2.1+deb12u2.dsc
9f00a953617ddf479f63e6e8174f3f1aa9f59ffef2e8e5d429e3f953da806dae 85660 dovecot_2.3.19.1+dfsg1-2.1+deb12u2.debian.tar.xz
a718f932d9064af8812596c06ae03b0133466cb8647c7295b295e7be0ee040ac 8251 dovecot_2.3.19.1+dfsg1-2.1+deb12u2_source.buildinfo
Files:
d2223126495f1901215a0043d9032863 4198 mail optional dovecot_2.3.19.1+dfsg1-2.1+deb12u2.dsc
45ffbf69eaf6296484cb05d062534392 85660 mail optional dovecot_2.3.19.1+dfsg1-2.1+deb12u2.debian.tar.xz
09dbfb95e29182fec05d0eb3b7510abc 8251 mail optional dovecot_2.3.19.1+dfsg1-2.1+deb12u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE5G+E0xEKhJuZ7RJ34+c1IpshdTUFAmnQMnAACgkQ4+c1Ipsh
dTUSIA/+Me3wXHALEBoWRF/Zz648EF4/vmo2beXsSvjXyH5cK0Qfr4A6aJXANDpW
C1qbJ35d6T39US0jQC7EgK5Q0KELtXo8gdMIidovGj+64dZ1s56cduJzdaUYFFbp
7z+S+MRF29LGSHWbngkpqTvZfDCQ45IaPVV31HiDQmTn8MIT7PYVtbYfbRgdA+nD
YReRkOKMIbTRYLLPDT6KeQc/ucKUvLNNVscPGtHDix8YXU2jSMpFP8OfbQcsOzdU
Bq91N/cW6aBA0i7pQomx23XJV+PdySZKmp6YBgld/jn3D5YLuYw62497Oh1bISTd
Xqw8P/Hq0WIfvSgIzZjwmxDwUfTjAvMUlpSPL1uDQDFNDjrLzi5jeXaFqQjGKMJx
8M3pAYkU7BZ35roaHzQKZnsZxtntfIPx5o+58Mep1kHvyB0CW+2WEmn6lNE12gB9
s8xZ9q4Wt6l03QfAfpw/IcKIvnD3GCcC2lEEApaomVCWBoikjbX7CIjqtlCsea9S
fY7TiEHpWM2ipLBtf6Wr4MUAH2t9xFRtD46nf3b8Q49qpS3/7hDiVQ0ymrw7gMLS
j8H24JcqANwFp7WfLV7ORoiBCjxTMJIla96niPBAEOQsU5iyZare5+E/FdnTXT8t
I8PCAjjMTwf7k6nUHfQe1b6K1sbeGAm/9t+psR1M2kYK4R0sA4E=
=y7Et
-----END PGP SIGNATURE-----
