Format: 1.8
Date: Mon, 18 May 2026 14:11:58 -0400
Source: dovecot
Binary: dovecot-auth-lua dovecot-auth-lua-dbgsym dovecot-core dovecot-core-dbgsym dovecot-dev dovecot-gssapi dovecot-gssapi-dbgsym dovecot-imapd dovecot-imapd-dbgsym dovecot-ldap dovecot-ldap-dbgsym dovecot-lmtpd dovecot-lmtpd-dbgsym dovecot-lucene dovecot-lucene-dbgsym dovecot-managesieved dovecot-managesieved-dbgsym dovecot-mysql dovecot-mysql-dbgsym dovecot-pgsql dovecot-pgsql-dbgsym dovecot-pop3d dovecot-pop3d-dbgsym dovecot-sieve dovecot-sieve-dbgsym dovecot-solr dovecot-solr-dbgsym dovecot-sqlite dovecot-sqlite-dbgsym dovecot-submissiond dovecot-submissiond-dbgsym
Architecture: amd64
Version: 1:2.3.19.1+dfsg1-2.1+deb12u6
Distribution: bookworm-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Noah Meyerhans
Description:
 dovecot-auth-lua - secure POP3/IMAP server - Lua authentication plugin
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
 dovecot-submissiond - secure POP3/IMAP server - mail submission agent
Closes: 1136444
Changes:
 dovecot (1:2.3.19.1+dfsg1-2.1+deb12u6) bookworm-security; urgency=medium
 .
   * Security update (Closes: #1136444)
   * [1d0162a] autopkgtest: test cram-md5 authentication
   * [d4eed2a] CVE-2026-40016: Sieve :contains/:matches O(N×M) Substring Match Bypasses sieve_max_cpu_time Limit (130× Overrun)
   * [898776c] CVE-2026-33603: login: Base64 input can contain tabs that bypass IPC protection
   * [fe76a7b] CVE-2026-40020: IMAP folders can be shared-spammed to everyone
   * [ce379ba] CVE-2026-42006: imap-login: Excessive memory usage DoS