[Git][security-tracker-team/security-tracker][master] Add references for dovecot issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 30 09:07:09 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f241a5e4 by Salvatore Bonaccorso at 2026-05-30T10:06:32+02:00
Add references for dovecot issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11775,6 +11775,7 @@ CVE-2026-42045 (LobeHub is a work-and-lifestyle space to find, build, and collab
 CVE-2026-42006 (An attacker can cause uncontrolled memory usage with excessive bracing ...)
 	- dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/da1438c76b797f055d4ad7f0eaa17e5e29ca31ee (2.4.4)
 CVE-2026-41895 (changedetection.io is a free open source web page change detection too ...)
 	NOT-FOR-US: changedetection.io
 CVE-2026-41713 (A malicious user could craft input that is stored in conversation memo ...)
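Review bot: The Fixed by line added under CVE-2026-42006 records the fixing commit and its release (2.4.4), but the entry still carries nothing about which versions contain the vulnerable code. If the upstream advisory or commit history identifies that, a companion line of the form `NOTE: Introduced by: <commit> (<version>)` would let the fix be matched against older branches without re-reading the oss-security post.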
@@ -11934,9 +11935,13 @@ CVE-2026-40300 (Zulip is an open-source team collaboration tool. Prior to 12.0,
 CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone permissi ...)
 	- dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/b7daa4104ff064c1fb549540cc9d96c2d9e2509c (2.4.4)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/20b48c3db5fed7ccaa8e0a4c10ca54f6dc36a63d (2.4.4)
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/1cf6ad1a119e5dace816e401e73ba6cc11d1472e (2.4.4)
 CVE-2026-40016 (Attacker can upload a malicious Sieve script over ManageSieve service  ...)
 	- dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
+	NOTE: Fixed by: https://github.com/dovecot/pigeonhole/commit/5b0ed9d1034c023d3daf218b6b8656f0cdd383dc (2.4.4)
 CVE-2026-3604 (The WP SEO Structured Data Schema plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-39432 (Missing Authorization vulnerability in Arraytics Timetics allows Explo ...)
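Review bot: The three Fixed by lines added under CVE-2026-40020 do not say how the commits relate: whether all three are required, in what order they apply, or whether any of them is a preparatory or test-only change. A short suffix on each line or one preceding NOTE stating this would help anyone backporting. Under CVE-2026-40016 the referenced commit is in dovecot/pigeonhole while the entry tracks the dovecot package, so it is worth confirming that the (2.4.4) tag on that line refers to the pigeonhole release shipped in 1:2.4.4+dfsg1-1.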
@@ -12084,6 +12089,7 @@ CVE-2026-33821 (Improper privilege management in Microsoft Dynamics 365 Customer
 CVE-2026-33603 (Attacker can use a specially crafted base64 exchange between Dovecot a ...)
 	- dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
+	NOTE: Fixed by: https://github.com/dovecot/core/commit/c1c53885bda550632b944dd305013cd010e0e058 (2.4.4)
 CVE-2026-33117 (The Java Key Vault Keys library in the Azure SDK for Java contains an  ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-33112 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f241a5e46c2952ecb22cbf46b30b831d526a648b
