On Mon, Sep 22, 2025 at 02:48:56PM +0000, Allan Wind wrote: > I just upgraded from bookworm to trixie, and while I have run dovecot > for many years, it's certainly possible that I made mistakes when > upgrading the configuration in conf.d/auth-system.conf.ext and local.conf: > > Intermittently, when I authenticate one user (allan) the mailbox for another > user (mona) is returned. This means the user allan does not have access to > his > (my) mailbox but does have access to another user mona. This is obviously an > important security issue.
This sounds an awful lot like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115474, in which case it's fixed upstream. Please stand by for a fix in unstable. I can provide a trixie build too, if you're able to test that and confirm the fix.
