[SECURITY] [DSA 6313-1] dovecot security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6313-1] dovecot security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 31 May 2026 18:25:27 +0000
Message-id: <[🔎] ahx9FyupjvUZzdpy@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6313-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 31, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
CVE ID         : CVE-2026-33603 CVE-2026-40016 CVE-2026-40020
                 CVE-2026-42006 CVE-2026-27851

Multiple vulnerabilities have been discovered in the Dovecot IMAP server
which way result in denial of service, SQL injection or
man-in-the-midddle attacks

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:2.3.19.1+dfsg1-2.1+deb12u6.

For the stable distribution (trixie), these problems have been fixed in
version 1:2.4.1+dfsg1-6+deb13u6.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmocfNMACgkQEMKTtsN8
Tjaa6g/9H7ZUQVZs6IjWyKWdKrY/o7N+zjA7DTNG8LXPKIX7nQRFoiCrYWUEyVox
tLhrcNYBIoCzg75OiIhI/RGCYf/RDKQWrELpJkJTjMgt/3pmVeuWir/KM1HhWpKt
zAO0XtvrGl2I8Aq1VNzsz5D2htBrGGQfljqal/Vc7EFkASjjsrktqVzMjFkcetlf
AULOrYKmDpYBeD8kcIWxr3JE2PBwsZ3J4Uu1/QMsXHH856+h76kA2TRUN3TzQx4c
VrFuRxPtjIv7OcVIhiyAInNBBG6CJTiz1QaDzFeXpPxTa7ZSIq5AuQdnkI6i9RPR
f1b6VE7uDyB7HBMAr0vmboDmV+d6UpW4DM+QUmDaunuA1leixKXIkGo/Vc1rRRk+
5YGA2Q+kJYiTqeTzzptLYUkswykpQ2ay+OPEobXVIEoSHP7JLT5XmjApW2n6y5Vo
4dVFqYeoECQ2PwxwvWF0T56GM4ghVy9VcEWWAHsb0gJut+7AKNT683syQ+gCYwbR
eS0dkTVnc7XdNS1KU/hkEDfZtP5muxXzYGKfoyTpNo+0ZEbpAeL26R2SIb6TCNMl
EQx16tfH1HF9pV7Y0CKQHnznKsclRbmq0rXUmGZv5rAzkxSrvjmk4YWOxBvbfHLB
CcrVodrkg8puxNcMUuhDho0iHZQgybmzRY1JcPkP2x6eBggLa9E=
=ecAa
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6312-1] symfony security update
Next by Date: [SECURITY] [DSA 6314-1] swift security update
Previous by thread: [SECURITY] [DSA 6312-1] symfony security update
Next by thread: [SECURITY] [DSA 6314-1] swift security update
Index(es):
- Date
- Thread