[Git][security-tracker-team/security-tracker][master] update dovecot references

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Apr 5 14:23:05 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
521c440f by Moritz Muehlenhoff at 2026-04-05T15:22:08+02:00
update dovecot references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4003,19 +4003,30 @@ CVE-2026-27855 (Dovecot OTP authentication is vulnerable to replay attack under
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27855-auth-otp-driver-vulnerable-to-replay-attack
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/912470570dee2b4c43bb837ff333196a6c76c9a7 (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/5d2384a57f2389ff4b76dee69264fdc88617e5c7 (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/d9141e295eb414ce4b1e20973f91c79567f69cc8 (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/8d87c0d3a0d1d7c9581dc97015d76b4ef90f7319	(2.4.3)
 CVE-2026-27856 (Doveadm credentials are verified using direct comparison which is susc ...)
 	- dovecot 1:2.4.3+dfsg1-1
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27856-doveadm-credentials-verified-without-timing-safety
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/1864d4890499bc2b29fa1b62fe04073dd2bf0c57 (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/b3fb5b342ad04dba1239a043206beda2bf14be9d (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/8a0cde2a22d872853166f2d383b350aa4ca4974a (2.4.3)
 CVE-2026-27858 (Attacker can send a specifically crafted message before authentication ...)
 	- dovecot 1:2.4.3+dfsg1-1
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27858-managesieve-login-out-of-memory-dos
+	NOTE: Fixed by: https://github.com/dovecot/pigeonhole/commit/54f645225a8a7911d7e16e9d50f170d217b0be95 (2.4.3)
 CVE-2026-27857 (Sending "NOOP (((...)))" command with 4000 parenthesis open+close resu ...)
 	- dovecot 1:2.4.3+dfsg1-1
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27857-imap-login-excessive-memory-usage-dos
+	NOTE: Fixed by: https://github.com/dovecot/pigeonhole/commit/5701db04455ee4d8e927d0b225634780a9b656b4 (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/825bc297f87b856992aa14beac596ec838248210 (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/d0f67b52914565a35f3817335ab9633cb291513c (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/af1fb4da5c1c5c458dc1d54dee3aefde6d3aa835 (2.4.3)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/3435e0d44c131eb1046a84fd83798f1e101b725e (2.4.3)
 CVE-2026-27859 (A mail message containing excessive amount of RFC 2231 MIME parameters ...)
 	- dovecot 1:2.4.3+dfsg1-1
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
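Review bot: The third added "Fixed by" line under CVE-2026-27855 (commit 8d87c0d3a0d1d7c9581dc97015d76b4ef90f7319) separates the URL from "(2.4.3)" with a tab, while every other "Fixed by" line in this hunk uses a single space; replace the tab with a space so the entries stay uniform. Separately, under CVE-2026-27857, whose advisory anchor names imap-login, the first added reference points to dovecot/pigeonhole while the remaining four point to dovecot/core. It is worth confirming that pigeonhole commit 5701db04455ee4d8e927d0b225634780a9b656b4 belongs to this entry and not to CVE-2026-27858 (managesieve-login) directly above it.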



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/521c440f4f15f73e659cd764831a9bbf9d4c103d
