This bug was fixed in the package dovecot - 1:2.4.2+dfsg1-3ubuntu1
---------------
dovecot (1:2.4.2+dfsg1-3ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2126007). Remaining changes:
- d/rules: switch to -O2 (from -O3) on ppc64el to fix FTBFS (LP #2121250)
* Dropped changes:
- d/p/fips-pbkdf2-fix: update PBKDF2 salt length to be FIPS 140-3 compliant
[upstream in 2.4.2 dab49bf1222 and 5ebc1e3e560]
- d/rules: set mbranch-protection=bti to avoid ftbfs
[fixed in libunwind-1.8.2]
- d/p/CVE-2025-30189: fix auth by AUTH_CACHE_KEY_USER
[upstream in 2.4.2]
dovecot (1:2.4.2+dfsg1-3) unstable; urgency=medium
* [986f666] Correctly handle signed 32-bit time_t types (Closes: #1124541)
* [e2498a3] import upstream fixes to regex handling with libpcre
(Closes: #1121519)
* [c613433] refresh debian/copyright
* [79dcac4] refresh lintian overrides
* [67a151e] d/control: drop Priority fields per policy 4.7.3
* [7c03ad9] d/control: bump standards-version to 4.7.3
dovecot (1:2.4.2+dfsg1-2) unstable; urgency=medium
* [e34626c] import upstream fix for possible crash in ldap userdb
(Closes: #1121000)
* [8d95d15] d/control: add libpcre2-dev to build-deps (Closes: #1121193)
* [7b23f06] Work around test failure on big-endian architectures
dovecot (1:2.4.2+dfsg1-1) unstable; urgency=medium
* [812f0ea] d/control: update time-daemon Suggests (Closes: #1118232)
* [658bbd5] Revert "d/watch: handle suffixes in upstream release filenames"
* [7ada151] New upstream version 2.4.2+dfsg1
* [5e41d98] Refresh or remove patches as needed
* [ff4b25e] Fix detection of krb5 CFLAGS
* [975f35c] Fix a compile failure on 32-bit systems
* [751bdb7] exclude developer scripts from package
dovecot (1:2.4.1+dfsg1-9) unstable; urgency=medium
* [58328b9] Add postgres userdb/passdb autopkgtest coverage
* [f5ce82f] Add mariadb userdb/passdb autopkgtest coverage
* [3f9b9ae] Apply the rest of the cross-build patch (Closes: #983791)
* [33dcea2] lib-index: Fix storing cache fields' last_used with 32bit big
endian CPUs (Closes: #1107608)
dovecot (1:2.4.1+dfsg1-8) unstable; urgency=medium
* [57a6237] d/control: Add libcrypt-dev to Build-Depends (Closes: #1106915)
* [9fc8885] import upstream patch for improperly terminated
auth_oauth2_post_setting_defines (Closes: #1116328)
* [c624fe6] lib-sieve/sieve-script.c: sieve_script_create_common: Correctly
handle errors. (Closes: #1116070)
* [769dd9c] d/rules: Pass the current C compiler krb5-config.mit
(Closes: #983791)
dovecot (1:2.4.1+dfsg1-7) unstable; urgency=medium
* [ebfdfa6] [PATCH] auth: Use AUTH_CACHE_KEY_USER instead of
per-database constants (CVE-2025-30189) (Closes: #1115474)
* [4a9e872] Clean up a few typos in default/example config (Closes: #1112667)
* [db01b1f] Ensure default lmtpd auth_username_format matches the global value
(Closes: #1111469)
dovecot (1:2.4.1+dfsg1-6) unstable; urgency=medium
* [8c6ba88] Fix LDAP SASL auth support (Closes: #1106784)
* [fac9131] Avoid -fstack-clash-protection on hppa architecture
(Closes: #1107609)
* [071beb5] d/control: update Uploaders to reflect the current reality
-- Jonas Jelten <[email protected]> Tue, 09 Feb 2026 09:40:39 +0100
** Changed in: dovecot (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-30189
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2126007
Title:
Merge dovecot from Debian Unstable for r-series
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/2126007/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
