Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
12f05ec5 by Salvatore Bonaccorso at 2026-05-13T23:09:42+02:00
Add Debian bug reference for dovecot issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -784,7 +784,7 @@ CVE-2026-42048 (Langflow is a tool for building and
deploying AI-powered agents
CVE-2026-42045 (LobeHub is a work-and-lifestyle space to find, build, and
collaborate ...)
TODO: check
CVE-2026-42006 (An attacker can cause uncontrolled memory usage with excessive
bracing ...)
- - dovecot <unfixed>
+ - dovecot <unfixed> (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-41895 (changedetection.io is a free open source web page change
detection too ...)
TODO: check
@@ -943,10 +943,10 @@ CVE-2026-40357 (Deserialization of untrusted data in
Microsoft Office SharePoint
CVE-2026-40300 (Zulip is an open-source team collaboration tool. Prior to
12.0, With m ...)
TODO: check
CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone
permissi ...)
- - dovecot <unfixed>
+ - dovecot <unfixed> (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-40016 (Attacker can upload a malicious Sieve script over ManageSieve
service ...)
- - dovecot <unfixed>
+ - dovecot <unfixed> (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-3604 (The WP SEO Structured Data Schema plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
@@ -1093,7 +1093,7 @@ CVE-2026-33833 (Improper neutralization of special
elements in output used by a
CVE-2026-33821 (Improper privilege management in Microsoft Dynamics 365
Customer Insig ...)
NOT-FOR-US: Microsoft
CVE-2026-33603 (Attacker can use a specially crafted base64 exchange between
Dovecot a ...)
- - dovecot <unfixed>
+ - dovecot <unfixed> (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-33117 (Improper authentication in Azure SDK allows an unauthorized
attacker t ...)
NOT-FOR-US: Microsoft
@@ -1198,7 +1198,7 @@ CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is
vulnerable to Stored Cro
CVE-2026-29204 (Insufficient ownership check in `clientarea.php` allows an
authenticat ...)
TODO: check
CVE-2026-27851 (When safe filter is used with variable expansion, all
following pipeli ...)
- - dovecot <unfixed>
+ - dovecot <unfixed> (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-27662 (Affected devices do not properly restrict access to the web
browser vi ...)
NOT-FOR-US: Siemens
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f05ec5920f26b7d40524e8cfbc893b372f5ec3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f05ec5920f26b7d40524e8cfbc893b372f5ec3
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
