-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 14 May 2026 13:29:38 -0400 Source: dovecot Architecture: source Version: 1:2.4.4+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Dovecot Maintainers <dovecot@packages.debian.org> Changed-By: Noah Meyerhans <noahm@debian.org> Closes: 1136444 Changes: dovecot (1:2.4.4+dfsg1-1) unstable; urgency=medium . [ Luca Boccassi ] * [6261bfd] Install and use sysusers.d config file . [ Noah Meyerhans ] * [9a7a738] Add tests for bug 1134464 regression * [6f1a08b] remove unreproducible TEST_DIR in dovecot-config * [185a225] New upstream version 2.4.4+dfsg1 - CVE-2026-27851: lib-var-expand: Safe filter leaks to all following pipelines - CVE-2026-40016: Sieve :contains/:matches O(N×M) Substring Match Bypasses sieve_max_cpu_time Limit (130× Overrun) - CVE-2026-33603: login: Base64 input can contain tabs that bypass IPC protection - CVE-2026-40020: IMAP folders can be shared-spammed to everyone - CVE-2026-42006: imap-login: Excessive memory usage DoS (Closes: #1136444) * [a6c0328] settings: Use correct symbol STORAGE_LDAP in settings-get.pl * [874cea7] refresh patches * [a4af2a3] Fix test failures on 32-bit systems Checksums-Sha1: 8bdc35fb13ea58441d19ef13429df50173b33d85 4066 dovecot_2.4.4+dfsg1-1.dsc 26809d561ac52a37dcfcb2b4691d64a1bf3b86a0 1882495 dovecot_2.4.4+dfsg1.orig-pigeonhole.tar.gz edc64893e07963a6537ed36ab3dc51a22a146326 8250124 dovecot_2.4.4+dfsg1.orig.tar.gz e4c1d8d48db29d8a4ae3eaf04d101f2869fd5324 228 dovecot_2.4.4+dfsg1.orig.tar.gz.asc e5a2d7077296522c09ce31469e9f156837b09a05 87832 dovecot_2.4.4+dfsg1-1.debian.tar.xz 150f3223efebeb46d76d89dcfd481e1d9c11f61e 8012 dovecot_2.4.4+dfsg1-1_source.buildinfo Checksums-Sha256: f555a338653c4eacbe3e18f7ede481f88317660791a7f5175696c5574d48fde8 4066 dovecot_2.4.4+dfsg1-1.dsc 57cd7cbde02561622de42f281e52be8c31c50be49dd9a057a05718fc24b64e2d 1882495 dovecot_2.4.4+dfsg1.orig-pigeonhole.tar.gz 670f98d55a29b02ae6a97281e51374e553b94496480ab0a07439571ab30ca8c3 8250124 dovecot_2.4.4+dfsg1.orig.tar.gz 243d1fa56d12e99fd9c62fcc59f3271326082076c22e0fa091efe7effd52ba52 228 dovecot_2.4.4+dfsg1.orig.tar.gz.asc e78c0ad0f822e1db58bc58c6d3db01d53ba04c96dca404ae69fe265fb4c3db2c 87832 dovecot_2.4.4+dfsg1-1.debian.tar.xz 406f24fe2d5f0bbbf487882b9c5ec5241229ccd39aa7548e2cb2e7765463711d 8012 dovecot_2.4.4+dfsg1-1_source.buildinfo Files: daceaa6840140fd337cd0887c43e9aa9 4066 mail optional dovecot_2.4.4+dfsg1-1.dsc 2c72bf32b9bf6678afbc1d6cdf568d9d 1882495 mail optional dovecot_2.4.4+dfsg1.orig-pigeonhole.tar.gz 1cfdb796f726dff687b6431a3b6012c3 8250124 mail optional dovecot_2.4.4+dfsg1.orig.tar.gz b2529ec59b0e2c0412b1da91088b6e7d 228 mail optional dovecot_2.4.4+dfsg1.orig.tar.gz.asc 0684fe509d31af9cbbbcc5982c8fbe7f 87832 mail optional dovecot_2.4.4+dfsg1-1.debian.tar.xz 435e51200ab3d73ff21917be0f7bfc00 8012 mail optional dovecot_2.4.4+dfsg1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5G+E0xEKhJuZ7RJ34+c1IpshdTUFAmoHQ30ACgkQ4+c1Ipsh dTVjHQ/9EffGaC4p8/9KliRf3nt2TEGz8Jmgbh//fRWcJq4Xb4+ZfCO/R7mrs5O5 rdbhh9LtKW6IZnPVcMjTLTYt/UZqAdsmHgmJDPqXU8jDCxJcSUm5hU0jJqlrWeiI a3whuApNMbmIOel9gZAxSe6294RyQR9MD+aNpswOk2bTXIImHkUt1vLFp5tI2C/9 VcuEMvpe6oAoz4vBeSrmo58fSmo8r3Xmb0R/MSloYLXyT61ltblLfJE3gKIlK3MV RDB1mCBqyIM/iQCuXb0qKJp3fjeNA2Kajemp1VC0Xa1koDp60g42ZjMTiLQYVXue qLNsk/WMMYyb5GodN/1ocUPweid2vzZnYd0ivEO1W7b9LFGuu1tZYdY/7Vf2wYc/ 2Po3r8OA+5Kack/PHBuUk2hHUxe32MshqIP6gh3J30Ky78aQcl3Zfd98wKrNzdN1 0yrGzsHvqZOxZ7vNqoRgaSyOiQ1tvaVOF6iS7vQ0WNWje3/5FSMST//suydcYY50 qbpzKWITy8CgJI456UBO05FrFURKSsB8hdMdfg6G2Iy6qMHBMHeRGbcddL45A9aA AbNslA64mj4yFPgh9qL0D7uysIwMFBtCeRnX2a411IuXNIHD5gVZRW+N8IwtN5Nu 6Xrj2LtpF/6WHNkgA++A5z+MplqvBuTwGrHlMSK1cKzNEEPMNmo= =pSev -----END PGP SIGNATURE-----
