[Git][security-tracker-team/security-tracker][master] dovecot, cyborg, swift DSAs

Sun May 31 19:36:50 BST 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
495aaa05 by Moritz Mühlenhoff at 2026-05-31T20:36:06+02:00
dovecot, cyborg, swift DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12390,6 +12390,7 @@ CVE-2026-29204 (Insufficient ownership check in `clientarea.php` allows an authe
 	NOT-FOR-US: WebPros WHMCS
 CVE-2026-27851 (When safe filter is used with variable expansion, all following pipeli ...)
 	- dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
+	[trixie] - dovecot 1:2.4.1+dfsg1-6+deb13u6
 	[bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
 	[bullseye] - dovecot <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,13 @@
+[31 May 2026] DSA-6315-1 cyborg - security update
+	{CVE-2026-40213 CVE-2026-40214}
+	[trixie] - cyborg 14.0.0-3+deb13u1
+[31 May 2026] DSA-6314-1 swift - security update
+	{CVE-2026-49017}
+	[trixie] - swift 2.35.1-0+deb13u2
+[31 May 2026] DSA-6313-1 dovecot - security update
+	{CVE-2026-33603 CVE-2026-40016 CVE-2026-40020 CVE-2026-42006}
+	[bookworm] - dovecot 1:2.3.19.1+dfsg1-2.1+deb12u6
+	[trixie] - dovecot 1:2.4.1+dfsg1-6+deb13u6
 [31 May 2026] DSA-6312-1 symfony - security update
 	{CVE-2024-50340 CVE-2026-45063 CVE-2026-45064 CVE-2026-45065 CVE-2026-45066 CVE-2026-45067 CVE-2026-45068 CVE-2026-45069 CVE-2026-45071 CVE-2026-45072 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-45754 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736 CVE-2026-48760 CVE-2026-48761 CVE-2026-48784}
 	[trixie] - symfony 6.4.41+dfsg-0+deb13u1


=====================================
data/dsa-needed.txt
=====================================
@@ -26,11 +26,6 @@ chromium (dilinger)
 --
 cups
 --
-cyborg/stable (jmm)
---
-dovecot (jmm)
-  Noah Meyerhans proposing updates for review, wait for exposure in unstable for regressions
---
 expat
 --
 fastnetmon
@@ -112,8 +107,6 @@ runc
 rust-wasmtime
   for CVE-2026-34987 CVE-2026-34971, rest would also be fine to ignore
 --
-swift/stable (jmm)
---
 symfony/oldstable (jmm)
 --
 sympa/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/495aaa053d666fcf40d47c04a5d5a7c6855d9a47

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/495aaa053d666fcf40d47c04a5d5a7c6855d9a47
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260531/2152e166/attachment-0001.htm>
