[SECURITY] [DSA 6019-1] dovecot security update

---

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

---

• To: debian-security-announce@lists.debian.org
• Subject: [SECURITY] [DSA 6019-1] dovecot security update
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Sun, 05 Oct 2025 12:12:32 +0000
• Message-id: <[🔎] E1v5NbM-00E9Ca-1y@seger.debian.org>
• Reply-to: debian-security-announce-request@lists.debian.org

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6019-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 05, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
Debian Bug     : 1115474 1115964

A flaw with the authentication cache management was discovered in the
Dovecot email server, which could result in users being logged in as the
wrong user in certain configurations.

For the stable distribution (trixie), this problem has been fixed in
version 1:2.4.1+dfsg1-6+deb13u1.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjiYIZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QVBhAAojUzhp8mPI6OhdQzjgn8ZdH8rWGx1xE2m40h4LYgNsP5X1Q937YyBGt5
NXjJxkpR69WiRkuCmvItlqcekrCi+hHHXJWZ//I8JeFrzIJbkgq91ABEj53wpw7S
EYB4GFAZus0Vu6mJUmo0YYar2539AOxm0RJMp8u411+REMdW+Ir+w8B6LGQ8tn0C
W6+T7OfStyGKduivCYKrkeLITNGpD5jWYlFo6zv/ww9DXBD50R5TZ2AdiGJvT/bm
RdGChKykwkY1qqDmBsmLpoTJu5gaDXm36REmWCaTp5/FgnsSNGXTd8ePwh6HhASs
puk9GkvvDP6V4ssy4k6FmzqB7BpdW/O+m62in+v543bmHjTNqwg2kcc8l2LHwUpp
bXIzlvQpVUw9LwLaA+2Dhwggm+r/dKU/TRWdhrlrvVF4xCH5/dkuGvjjVjRhOaqA
hbq1Qbs8i+T+TqkIuB1Vij09xKUE8rmuLl44YjpENrHExdTnXXel/EiWHpAEwIJU
DA2fEBmzbOGEhYLSHDi+AzOnYJf3DA8Tz/Wic31GJeLXsyU9+Q8i3Ar1C3Clj6VE
XCa9dRycJjjAxWGXkIENYmt3zmhq1eeacmtRSovMNzunxl24zJY2bV9Dyu/p5Sp2
qwImmZB95W89HyLa4VTyH1y8UwL6nCBqU1o7z/l2lHalRXykRgc=
=ICYH
-----END PGP SIGNATURE-----

---

Reply to:

• debian-security-announce@lists.debian.org
• Salvatore Bonaccorso (on-list)
• Salvatore Bonaccorso (off-list)

---

• Prev by Date: [SECURITY] [DSA 6018-1] gegl security update
• Next by Date: [SECURITY] [DSA 6020-1] redis security update
• Previous by thread: [SECURITY] [DSA 6018-1] gegl security update
• Next by thread: [SECURITY] [DSA 6020-1] redis security update
• Index(es):
  • Date
  • Thread