[Git][security-tracker-team/security-tracker][master] Add dovecot mailing list announce reference

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59a47c38 by Salvatore Bonaccorso at 2026-03-28T22:38:13+01:00
Add dovecot mailing list announce reference

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -746,37 +746,47 @@ CVE-2026-4948 (A flaw was found in firewalld. A local unprivileged user can expl
 	TODO: check, needs checking if desktop policy authorization influencing setZoneSettings2 and setPolicySettings is RedHat specific
 CVE-2026-27855 (Dovecot OTP authentication is vulnerable to replay attack under specif ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27855-auth-otp-driver-vulnerable-to-replay-attack
 CVE-2026-27856 (Doveadm credentials are verified using direct comparison which is susc ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27856-doveadm-credentials-verified-without-timing-safety
 CVE-2026-27858 (Attacker can send a specifically crafted message before authentication ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27858-managesieve-login-out-of-memory-dos
 CVE-2026-27857 (Sending "NOOP (((...)))" command with 4000 parenthesis open+close resu ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27857-imap-login-excessive-memory-usage-dos
 CVE-2026-27859 (A mail message containing excessive amount of RFC 2231 MIME parameters ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27859-v3-0-2-regression-message-headers-mime-parameter-parsing-can-cause-excessive-cpu-usage
 CVE-2026-24031 (Dovecot SQL based authentication can be bypassed when auth_username_ch ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-24031-v2-4-v3-1-regression-sql-injection-allows-bypassing-authentication
 CVE-2026-27860 (If auth_username_chars is empty, it is possible to inject arbitrary LD ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27860-v2-4-v3-1-regression-auth-ldap-is-not-escaping-usernames
 CVE-2026-0394 (When dovecot has been configured to use per-domain passwd files, and t ...)
 	- dovecot <unfixed>
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-0394-auth-path-traversal-in-passwd-file-passdb-using-d-domain-escapes-base-directory-and-opens-etc-passwdpre-auth-path-traversal-in-passwd-file-passdb-using-d-domain-escapes-base-directory-and-opens-etc-passwd
 CVE-2025-59031 (Dovecot has provided a script to use for attachment to text conversion ...)
 	- dovecot <unfixed> (unimportant)
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2025-59031-decode2text-sh-ooxml-extraction-may-follow-symlinks-and-read-unintended-files-during-indexing
 	NOTE: decode2text.sh only installed in dovecot-core/examples
 CVE-2025-59032 (ManageSieve AUTHENTICATE command crashes when using literal as SASL in ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2025-59032-v2-4-v3-1-regression-pigeonhole-managesieve-panic-occurs-with-sieve-connect-as-a-client
 CVE-2025-59028 (When sending invalid base64 SASL data, login process is disconnected f ...)
 	- dovecot <unfixed>
+	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2025-59028-invalid-base64-authentication-can-cause-dos-for-other-logins
 CVE-2026-3650 (A memory leak exists in the Grassroots DICOM library (GDCM). The bug o ...)
 	- gdcm <unfixed> (bug #1132042)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a47c3815d602cbffc7df70d5ef6395003a31a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a47c3815d602cbffc7df70d5ef6395003a31a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260328/7bdc6ef8/attachment-0001.htm>