This bug was fixed in the package dovecot - 1:2.4.1+dfsg1-5ubuntu4
---------------
dovecot (1:2.4.1+dfsg1-5ubuntu4) questing; urgency=medium
* SECURITY UPDATE: authentication cache bypass (LP: #2126984)
- debian/patches/CVE-2025-30189.patch: use AUTH_CACHE_KEY_USER instead
of per-database constants in src/auth/auth-settings.h,
src/auth/passdb-bsdauth.c, src/auth/passdb-oauth2.c,
src/auth/passdb-pam.c, src/auth/passdb-passwd.c,
src/auth/userdb-passwd.c.
- CVE-2025-30189
-- Marc Deslauriers <[email protected]> Tue, 07 Oct 2025
07:17:56 -0400
** Changed in: dovecot (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-30189
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2126984
Title:
dovecot 2.4: access to other users' emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/2126984/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
