Your message dated Sat, 16 May 2026 10:23:16 +0000
with message-id <[email protected]>
and subject line Released with 13.5
has caused the Debian Bug report #1135871,
regarding trixie-pu: package dovecot/1:2.4.1+dfsg1-6+deb13u5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135871: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135871
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:dovecot
User: [email protected]
Usertags: pu

The version of dovecot currently staged for inclusion in the next trixie
point release inadvertently introduced a memory leak when backporting
upstream's fix for CVE-2026-27857.

After conversation with the security team, we decided that the leak was not
severe enough to warrant a revision to the DSA, but could instead wait for
the upcoming trixie point release. So that's what this request is about.

This change updates debian/patches/CVE-2026-27857-2.patch to remove a stray
line "id->log_reply = str_new(default_pool, 64);". It also refreshes
debian/patches/CVE-2026-27857-4.patch based on contextual changes from
updating -2.

This change also pulls in an autopkgtest that was introduced in the bookworm
update in DSA 6197 to detect a regression in that update.

debdiff is attached.

noah
diff -Nru dovecot-2.4.1+dfsg1/debian/changelog 
dovecot-2.4.1+dfsg1/debian/changelog
--- dovecot-2.4.1+dfsg1/debian/changelog        2026-03-31 15:07:17.000000000 
-0400
+++ dovecot-2.4.1+dfsg1/debian/changelog        2026-05-06 15:18:43.000000000 
-0400
@@ -1,3 +1,10 @@
+dovecot (1:2.4.1+dfsg1-6+deb13u5) trixie; urgency=medium
+
+  * [b357180] autopkgtests: Add managesieved authentication test
+  * [c9d69a1] Fix memory leak in CVE-2026-27857 fix
+
+ -- Noah Meyerhans <[email protected]>  Wed, 06 May 2026 15:18:43 -0400
+
 dovecot (1:2.4.1+dfsg1-6+deb13u4) trixie-security; urgency=medium
 
   * [bc29057] CVE-2025-59028: auth: Don't disconnect auth client when
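Review bot: the second changelog bullet, "Fix memory leak in CVE-2026-27857 fix", does not say which patch was changed or what was leaking. For a point-release upload it would help to name debian/patches/CVE-2026-27857-2.patch and the dropped id->log_reply allocation in cmd_id(), and to mention that CVE-2026-27857-4.patch was refreshed only as a consequence, so the changelog alone explains the whole debdiff.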
diff -Nru dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch 
dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch
--- dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch   2026-03-31 
15:07:17.000000000 -0400
+++ dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-2.patch   2026-05-05 
20:14:11.000000000 -0400
@@ -20,8 +20,10 @@
  src/plugins/virtual/virtual-config.c   |  2 +-
  13 files changed, 30 insertions(+), 19 deletions(-)
 
---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-client.c
-+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-client.c
+Index: dovecot/src/imap-login/imap-login-client.c
+===================================================================
+--- dovecot.orig/src/imap-login/imap-login-client.c
++++ dovecot/src/imap-login/imap-login-client.c
 @@ -382,7 +382,7 @@ static int imap_client_create(struct cli
        imap_client->parser =
                imap_parser_create(imap_client->common.input,
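Review bot: the file headers in CVE-2026-27857-2.patch change from the "--- dovecot-2.4.1+dfsg1.orig/..." form to quilt's "Index:" / "===" form here and in every later hunk of this patch, which makes the one functional change hard to find in the debdiff. Consider refreshing with header options that keep the existing style (for example quilt refresh -p ab --no-index --no-timestamps), so the stable update shows only the removed line.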
@@ -40,21 +42,24 @@
  
        /* CRLF is lost from buffer when streams are reopened. */
        imap_client->skip_line = FALSE;
---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-cmd-id.c
-+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-cmd-id.c
-@@ -346,7 +346,9 @@ int cmd_id(struct imap_client *client)
+Index: dovecot/src/imap-login/imap-login-cmd-id.c
+===================================================================
+--- dovecot.orig/src/imap-login/imap-login-cmd-id.c
++++ dovecot/src/imap-login/imap-login-cmd-id.c
+@@ -346,7 +346,8 @@ int cmd_id(struct imap_client *client)
                id->params->pool = param_pool;
                id->parser = imap_parser_create(client->common.input,
                                                client->common.output,
 -                                              IMAP_LOGIN_MAX_LINE_LENGTH);
 +                                              IMAP_LOGIN_MAX_LINE_LENGTH,
 +                                              NULL);
-+              id->log_reply = str_new(default_pool, 64);
                if (client->set->imap_literal_minus)
                        imap_parser_enable_literal_minus(id->parser);
                parser_flags = IMAP_PARSE_FLAG_STOP_AT_LIST;
---- dovecot-2.4.1+dfsg1.orig/src/imap/cmd-append.c
-+++ dovecot-2.4.1+dfsg1/src/imap/cmd-append.c
+Index: dovecot/src/imap/cmd-append.c
+===================================================================
+--- dovecot.orig/src/imap/cmd-append.c
++++ dovecot/src/imap/cmd-append.c
 @@ -1063,7 +1063,8 @@ static bool cmd_append_full(struct clien
        o_stream_unset_flush_callback(client->output);
  
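Review bot: the removal of "id->log_reply = str_new(default_pool, 64);" from the cmd_id() hunk is the only functional change, but the visible context does not show where id->log_reply is still allocated, and nothing in the patch records that the backport now differs from what shipped earlier. Please confirm that the untouched part of cmd_id() still allocates log_reply exactly once, and add a sentence to the patch description explaining that the line was a stray duplicate. The inner hunk header going from "+346,9" to "+346,8" is consistent with dropping one added line.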
@@ -65,8 +70,10 @@
        if (client->set->imap_literal_minus)
                imap_parser_enable_literal_minus(ctx->save_parser);
  
---- dovecot-2.4.1+dfsg1.orig/src/imap/cmd-setmetadata.c
-+++ dovecot-2.4.1+dfsg1/src/imap/cmd-setmetadata.c
+Index: dovecot/src/imap/cmd-setmetadata.c
+===================================================================
+--- dovecot.orig/src/imap/cmd-setmetadata.c
++++ dovecot/src/imap/cmd-setmetadata.c
 @@ -289,7 +289,8 @@ cmd_setmetadata_start(struct imap_setmet
           asynchronously the same way as APPEND does. */
        client->input_lock = cmd;
@@ -77,8 +84,10 @@
        if (client->set->imap_literal_minus)
                imap_parser_enable_literal_minus(ctx->parser);
        o_stream_unset_flush_callback(client->output);
---- dovecot-2.4.1+dfsg1.orig/src/imap/imap-client.c
-+++ dovecot-2.4.1+dfsg1/src/imap/imap-client.c
+Index: dovecot/src/imap/imap-client.c
+===================================================================
+--- dovecot.orig/src/imap/imap-client.c
++++ dovecot/src/imap/imap-client.c
 @@ -975,7 +975,8 @@ client_command_new(struct client *client
        } else {
                cmd->parser =
@@ -89,8 +98,10 @@
                if (client->set->imap_literal_minus)
                        imap_parser_enable_literal_minus(cmd->parser);
        }
---- dovecot-2.4.1+dfsg1.orig/src/lib-imap-client/imapc-connection.c
-+++ dovecot-2.4.1+dfsg1/src/lib-imap-client/imapc-connection.c
+Index: dovecot/src/lib-imap-client/imapc-connection.c
+===================================================================
+--- dovecot.orig/src/lib-imap-client/imapc-connection.c
++++ dovecot/src/lib-imap-client/imapc-connection.c
 @@ -1876,7 +1876,8 @@ static void imapc_connection_connect_nex
        o_stream_set_flush_callback(conn->output, imapc_connection_connected,
                                    conn);
@@ -101,8 +112,10 @@
        conn->to = 
timeout_add(conn->client->set->imapc_connection_timeout_interval_msecs,
                               imapc_connection_timeout, conn);
        conn->to_output = 
timeout_add(conn->client->set->imapc_max_idle_time_secs*1000,
---- dovecot-2.4.1+dfsg1.orig/src/lib-imap-storage/imap-msgpart.c
-+++ dovecot-2.4.1+dfsg1/src/lib-imap-storage/imap-msgpart.c
+Index: dovecot/src/lib-imap-storage/imap-msgpart.c
+===================================================================
+--- dovecot.orig/src/lib-imap-storage/imap-msgpart.c
++++ dovecot/src/lib-imap-storage/imap-msgpart.c
 @@ -149,7 +149,7 @@ imap_msgpart_get_header_fields(pool_t po
        int result = 0;
  
@@ -112,8 +125,10 @@
  
        if (imap_parser_finish_line(parser, 0, 0, &args) > 0 &&
            imap_arg_get_list_full(args, &hdr_list, &list_count) &&
---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-bodystructure.c
-+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-bodystructure.c
+Index: dovecot/src/lib-imap/imap-bodystructure.c
+===================================================================
+--- dovecot.orig/src/lib-imap/imap-bodystructure.c
++++ dovecot/src/lib-imap/imap-bodystructure.c
 @@ -722,7 +722,7 @@ int imap_bodystructure_parse_full(const
        input = i_stream_create_from_data(bodystructure, strlen(bodystructure));
        (void)i_stream_read(input);
@@ -132,8 +147,10 @@
        ret = imap_parser_finish_line(parser, 0, IMAP_PARSE_FLAG_NO_UNESCAPE |
                                      IMAP_PARSE_FLAG_LITERAL_TYPE, &args);
        if (ret < 0) {
---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-envelope.c
-+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-envelope.c
+Index: dovecot/src/lib-imap/imap-envelope.c
+===================================================================
+--- dovecot.orig/src/lib-imap/imap-envelope.c
++++ dovecot/src/lib-imap/imap-envelope.c
 @@ -222,7 +222,7 @@ bool imap_envelope_parse(const char *env
        input = i_stream_create_from_data(envelope, strlen(envelope));
        (void)i_stream_read(input);
@@ -143,8 +160,10 @@
        ret = imap_parser_finish_line(parser, 0,
                                      IMAP_PARSE_FLAG_LITERAL_TYPE, &args);
        if (ret < 0) {
---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-parser.c
-+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-parser.c
+Index: dovecot/src/lib-imap/imap-parser.c
+===================================================================
+--- dovecot.orig/src/lib-imap/imap-parser.c
++++ dovecot/src/lib-imap/imap-parser.c
 @@ -69,7 +69,8 @@ struct imap_parser {
  
  struct imap_parser *
@@ -155,8 +174,10 @@
  {
        struct imap_parser *parser;
  
---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/imap-parser.h
-+++ dovecot-2.4.1+dfsg1/src/lib-imap/imap-parser.h
+Index: dovecot/src/lib-imap/imap-parser.h
+===================================================================
+--- dovecot.orig/src/lib-imap/imap-parser.h
++++ dovecot/src/lib-imap/imap-parser.h
 @@ -38,6 +38,9 @@ enum imap_parser_error {
        IMAP_PARSE_ERROR_LITERAL_TOO_BIG
  };
@@ -177,8 +198,10 @@
  void imap_parser_ref(struct imap_parser *parser);
  void imap_parser_unref(struct imap_parser **parser);
  
---- dovecot-2.4.1+dfsg1.orig/src/lib-imap/test-imap-parser.c
-+++ dovecot-2.4.1+dfsg1/src/lib-imap/test-imap-parser.c
+Index: dovecot/src/lib-imap/test-imap-parser.c
+===================================================================
+--- dovecot.orig/src/lib-imap/test-imap-parser.c
++++ dovecot/src/lib-imap/test-imap-parser.c
 @@ -16,7 +16,7 @@ static void test_imap_parser_crlf(void)
  
        test_begin("imap parser crlf handling");
@@ -215,8 +238,10 @@
                        ret = imap_parser_read_command_name(parser, &atom);
                        test_assert_idx(ret == tests[i].ret, i);
                        test_assert_idx(ret <= 0 || strcmp(tests[i].tag, atom) 
== 0, i);
---- dovecot-2.4.1+dfsg1.orig/src/plugins/virtual/virtual-config.c
-+++ dovecot-2.4.1+dfsg1/src/plugins/virtual/virtual-config.c
+Index: dovecot/src/plugins/virtual/virtual-config.c
+===================================================================
+--- dovecot.orig/src/plugins/virtual/virtual-config.c
++++ dovecot/src/plugins/virtual/virtual-config.c
 @@ -54,7 +54,7 @@ virtual_search_args_parse(const string_t
        input = i_stream_create_from_data(str_data(rule), str_len(rule));
        (void)i_stream_read(input);
diff -Nru dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch 
dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch
--- dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch   2026-03-31 
15:07:17.000000000 -0400
+++ dovecot-2.4.1+dfsg1/debian/patches/CVE-2026-27857-4.patch   2026-05-05 
20:33:28.000000000 -0400
@@ -11,8 +11,10 @@
  src/imap-login/imap-login-cmd-id.c |  6 +++++-
  3 files changed, 17 insertions(+), 3 deletions(-)
 
---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-client.c
-+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-client.c
+Index: dovecot/src/imap-login/imap-login-client.c
+===================================================================
+--- dovecot.orig/src/imap-login/imap-login-client.c
++++ dovecot/src/imap-login/imap-login-client.c
 @@ -379,10 +379,13 @@ static int imap_client_create(struct cli
                return -1;
        }
@@ -44,8 +46,10 @@
  
        /* CRLF is lost from buffer when streams are reopened. */
        imap_client->skip_line = FALSE;
---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-client.h
-+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-client.h
+Index: dovecot/src/imap-login/imap-login-client.h
+===================================================================
+--- dovecot.orig/src/imap-login/imap-login-client.h
++++ dovecot/src/imap-login/imap-login-client.h
 @@ -11,6 +11,10 @@
  /* maximum length for IMAP command line. */
  #define IMAP_LOGIN_MAX_LINE_LENGTH 8192
@@ -57,8 +61,10 @@
  enum imap_client_id_state {
        IMAP_CLIENT_ID_STATE_LIST = 0,
        IMAP_CLIENT_ID_STATE_KEY,
---- dovecot-2.4.1+dfsg1.orig/src/imap-login/imap-login-cmd-id.c
-+++ dovecot-2.4.1+dfsg1/src/imap-login/imap-login-cmd-id.c
+Index: dovecot/src/imap-login/imap-login-cmd-id.c
+===================================================================
+--- dovecot.orig/src/imap-login/imap-login-cmd-id.c
++++ dovecot/src/imap-login/imap-login-cmd-id.c
 @@ -344,10 +344,14 @@ int cmd_id(struct imap_client *client)
                client->cmd_id = id = i_new(struct imap_client_cmd_id, 1);
                id->params = p_new(param_pool, struct imap_id_params, 1);
@@ -72,6 +78,6 @@
                                                IMAP_LOGIN_MAX_LINE_LENGTH,
 -                                              NULL);
 +                                              &params);
-               id->log_reply = str_new(default_pool, 64);
                if (client->set->imap_literal_minus)
                        imap_parser_enable_literal_minus(id->parser);
+               parser_flags = IMAP_PARSE_FLAG_STOP_AT_LIST;
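Review bot: the trailing context in this cmd_id() hunk of CVE-2026-27857-4.patch now ends at "parser_flags = IMAP_PARSE_FLAG_STOP_AT_LIST;" instead of the log_reply line, so -4 applies cleanly only on top of the revised -2. The inner header "@@ -344,10 +344,14 @@" is unchanged and the counts still balance (one context line out, one in), but it is worth confirming that the whole series applies with zero fuzz and no offsets (quilt push -a --fuzz=0) before upload.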
diff -Nru dovecot-2.4.1+dfsg1/debian/tests/control 
dovecot-2.4.1+dfsg1/debian/tests/control
--- dovecot-2.4.1+dfsg1/debian/tests/control    2026-03-06 15:20:26.000000000 
-0500
+++ dovecot-2.4.1+dfsg1/debian/tests/control    2026-05-05 20:12:28.000000000 
-0400
@@ -6,7 +6,7 @@
 Depends: dovecot-core, systemd-sysv
 
 Test-Command: run-parts --report --exit-on-error debian/tests/usage
-Depends: dovecot-imapd, dovecot-pop3d, python3
+Depends: dovecot-imapd, dovecot-pop3d, dovecot-managesieved, sieve-connect, 
python3
 Restrictions: needs-root, breaks-testbed, allow-stderr
 
 Tests: testmails
diff -Nru dovecot-2.4.1+dfsg1/debian/tests/usage/sieve 
dovecot-2.4.1+dfsg1/debian/tests/usage/sieve
--- dovecot-2.4.1+dfsg1/debian/tests/usage/sieve        1969-12-31 
19:00:00.000000000 -0500
+++ dovecot-2.4.1+dfsg1/debian/tests/usage/sieve        2026-05-05 
20:12:28.000000000 -0400
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+# Validate managesieved authentication
+
+user=dep8
+pass=test
+
+sieve-connect --notlsverify --debug -s localhost \
+             -p 4190 -u "$user" --list --passwordfd 3 3< <(echo "$pass")
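Review bot: debian/tests/usage/sieve authenticates as user "dep8" with password "test" but does not create that account, so it silently depends on setup done elsewhere in the test suite; a comment naming where the account is provisioned would make a failure here easier to diagnose. The script also passes only on the exit status of sieve-connect --list, and --notlsverify deserves a one-line comment that it is acceptable only because the target is localhost in a throwaway testbed. Feeding the password through --passwordfd 3 rather than on the command line is a good choice and should stay.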

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.5

This update has been released as part of Debian 13.5.

--- End Message ---
