Format: 1.8
Date: Tue, 31 Mar 2026 15:07:17 -0400
Source: dovecot
Architecture: source
Version: 1:2.4.1+dfsg1-6+deb13u4
Distribution: trixie-security
Urgency: medium
Maintainer: Dovecot Maintainers
Changed-By: Noah Meyerhans
Changes:
 dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium
 .
   * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when invalid base64 SASL input is received
   * [fee7a9a] CVE-2025-59031: stop shipping the decode2text shell script
   * [9a4442e] CVE-2025-59032: managesieve-login: Fix crash when command didn't finish on the first call
   * [2711b3e] CVE-2026-24031, CVE-2026-27860: auth: fix ldap and sql injection
   * [d30f1c3] CVE-2026-27855: fix OTP authentication reply vulnerability
   * [e1b0ff7] CVE-2026-27856: doveadm: fix timing oracle attack
   * [b8a69bf] CVE-2026-27857: fix resource exhaustion DoS in NOOP command parsing
   * [85dd068] CVE-2026-27858: fix pre-authentication managesieve memory consumption issue
   * [880e332] CVE-2026-27859: fix uncontrolled resource allocation when delivering specially crafted email messages