Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4806

[SECURITY] [DSA 6197-3] dovecot regression update

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6197-3] dovecot regression update
Date 2026-05-01 16:40 +0200
Message-ID <MPXc5-1N8p-3@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6197-3                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 01, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
Debian Bug     : 1134464

The oldstable (bookworm) backport of the security fix for CVE-2026-0394
introduced a regression in the passwd-file path normalization. Updated
packages are now available to correct this issue.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1:2.3.19.1+dfsg1-2.1+deb12u4.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmn0uSNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rd+Q/+LDZwFyNMmF+a0l0MiYPO8dmo+Vyb3XYE5IvEs2f4hZDfknccz07xLp+T
J/mL3zLkIK9zTICol3dkgSy8iS7klSmINm3r6jbrOpSpaY+xvFSIt9PwuBn5HAJk
D3fk069dWFiNJTY+Zx2ibp35OHGUla5xfSJdJbskO71DvxHdf7mE2rDgZT9GycDL
KWhFJuQFqVka7Td1C7JhuT7oEAT1RWY5G+xDt/9GRqzJ6hMt8YIpJmskwi3DsuzC
tf42qeMHPgJh3iMSreNNYbd4OgDLnujxgEtEez3iIslblAgTlJjyCN3T80emJWZ1
YJA8wNTsdEaViZWN3v1O91gtDT2sVdhHR5cxxuAEZryuooppFAbojiHKkamREeS8
3lGwiHVBcEmjH698mD1+kHUmIYPYpMdTHzEE9vc8NJ6aUT3QTcAT4WCZa/tZB287
zD9FM8t2+Bf6H+wUlJG6a7pGJICSBMTWTPr3saUvvaWdK2mD1+RVBfdcZBCoRiZM
Bsu5CUjJwPwVGwUvkjwIqVHjvUEJxIcJsDuaqa3NcjUa2u5OJPwdGvpaf3XlBx/d
cGrbaxwCyoW54CWKdPSBY9gYMiWa/21R4Rl5dzQJ4uEvLqUp0BuwEIxm2wppEg7z
xKDsULZp+FSEy1QvfC5N+gc3YSRUYPrM9dNElLkhP1IbOsiPhJU=
=FUON
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6197-3] dovecot regression update Salvatore Bonaccorso <carnil@debian.org> - 2026-05-01 16:40 +0200

csiph-web