[Git][security-tracker-team/security-tracker][master] more dovecot commit references

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 30 16:22:53 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0835a2e2 by Moritz Muehlenhoff at 2026-03-30T17:22:46+02:00
more dovecot commit references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -906,10 +906,12 @@ CVE-2026-27855 (Dovecot OTP authentication is vulnerable to replay attack under
 	- dovecot <unfixed>
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27855-auth-otp-driver-vulnerable-to-replay-attack
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/912470570dee2b4c43bb837ff333196a6c76c9a7 (2.4.3)
 CVE-2026-27856 (Doveadm credentials are verified using direct comparison which is susc ...)
 	- dovecot <unfixed>
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/
 	NOTE: https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html#cve-2026-27856-doveadm-credentials-verified-without-timing-safety
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/1864d4890499bc2b29fa1b62fe04073dd2bf0c57 (2.4.3)
 CVE-2026-27858 (Attacker can send a specifically crafted message before authentication ...)
 	- dovecot <unfixed>
 	NOTE: https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/IKIHZX77IPTGSP5WBIPJUOFBUQFKVPE7/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0835a2e29943b7b43c5254965003683bc14578a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0835a2e29943b7b43c5254965003683bc14578a1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260330/aecd2b90/attachment.htm>

More information about the debian-security-tracker-commits mailing list