[ubuntu/questing-security] dovecot 1:2.4.1+dfsg1-5ubuntu4.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 2 12:27:53 UTC 2026
dovecot (1:2.4.1+dfsg1-5ubuntu4.2) questing-security; urgency=medium

  * SECURITY UPDATE: safe filter issue when used with variable expansion
    - debian/patches/CVE-2026-27851.patch: lib-var-expand: Reset safe state when
      transfer is unset in src/lib-var-expand/test-var-expand.c,
      src/lib-var-expand/var-expand.c.
    - CVE-2026-27851
  * SECURITY UPDATE: fake SCRAM TLS channel binding via crafted base64
    - debian/patches/CVE-2026-33603.patch: login-common: Only accept base64 in
      sasl in src/login-common/client-common-auth.c.
    - CVE-2026-33603
  * SECURITY UPDATE: CPU time limits bypass via sieve script
    - debian/patches/CVE-2026-40016.patch: lib-sieve: Enforce CPU time limit
      within :contains and :matches matcher loops in
      pigeonhole/src/lib-sieve/mcht-contains.c,
      pigeonhole/src/lib-sieve/mcht-matches.c,
      pigeonhole/src/lib-sieve/sieve-interpreter.c,
      pigeonhole/src/lib-sieve/sieve-interpreter.h.
    - CVE-2026-40016
  * SECURITY UPDATE: permission injection via IMAP SETACL command
    - debian/patches/CVE-2026-40020-pre1.patch: acl: Add acl_id_is_valid() in
      src/plugins/acl/acl-rights.c, src/plugins/acl/acl-rights.h.
    - debian/patches/CVE-2026-40020.patch: imap-acl: Fail if ACL identifier is
      invalid in src/plugins/imap-acl/imap-acl-plugin.c.
    - CVE-2026-40020
  * SECURITY UPDATE: memory consumption via excessive bracing over IMAP
    - debian/patches/CVE-2026-42006.patch: lib-imap: Fix
      imap_parser_params.list_count_limit to actually work in
      src/lib-imap/imap-parser.c, src/lib-imap/test-imap-parser.c.
    - CVE-2026-42006
Date: 2026-05-28 22:29:10.005489+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/dovecot/1:2.4.1+dfsg1-5ubuntu4.2