Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a55ddf8 by Salvatore Bonaccorso at 2026-05-15T22:42:00+02:00
Track fixed version for dovecot issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2745,7 +2745,7 @@ CVE-2026-42048 (Langflow is a tool for building and
deploying AI-powered agents
CVE-2026-42045 (LobeHub is a work-and-lifestyle space to find, build, and
collaborate ...)
TODO: check
CVE-2026-42006 (An attacker can cause uncontrolled memory usage with excessive
bracing ...)
- - dovecot <unfixed> (bug #1136444)
+ - dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-41895 (changedetection.io is a free open source web page change
detection too ...)
TODO: check
@@ -2904,10 +2904,10 @@ CVE-2026-40357 (Deserialization of untrusted data in
Microsoft Office SharePoint
CVE-2026-40300 (Zulip is an open-source team collaboration tool. Prior to
12.0, With m ...)
TODO: check
CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone
permissi ...)
- - dovecot <unfixed> (bug #1136444)
+ - dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-40016 (Attacker can upload a malicious Sieve script over ManageSieve
service ...)
- - dovecot <unfixed> (bug #1136444)
+ - dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-3604 (The WP SEO Structured Data Schema plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
@@ -3054,7 +3054,7 @@ CVE-2026-33833 (Improper neutralization of special
elements in output used by a
CVE-2026-33821 (Improper privilege management in Microsoft Dynamics 365
Customer Insig ...)
NOT-FOR-US: Microsoft
CVE-2026-33603 (Attacker can use a specially crafted base64 exchange between
Dovecot a ...)
- - dovecot <unfixed> (bug #1136444)
+ - dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-33117 (Improper authentication in Azure SDK allows an unauthorized
attacker t ...)
NOT-FOR-US: Microsoft
@@ -3159,7 +3159,7 @@ CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is
vulnerable to Stored Cro
CVE-2026-29204 (Insufficient ownership check in `clientarea.php` allows an
authenticat ...)
TODO: check
CVE-2026-27851 (When safe filter is used with variable expansion, all
following pipeli ...)
- - dovecot <unfixed> (bug #1136444)
+ - dovecot 1:2.4.4+dfsg1-1 (bug #1136444)
[bookworm] - dovecot <not-affected> (Vulnerable code introduced later)
[bullseye] - dovecot <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a55ddf85bf3c2ba989a928190f2e648400764c0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a55ddf85bf3c2ba989a928190f2e648400764c0
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
