Version in base suite: 2.3.19.1+dfsg1-2.1+deb12u1
Version in overlay suite: 2.3.19.1+dfsg1-2.1+deb12u2
Base version: dovecot_2.3.19.1+dfsg1-2.1+deb12u2
Target version: dovecot_2.3.19.1+dfsg1-2.1+deb12u3
Base file: /srv/ftp-master.debian.org/ftp/pool/main/d/dovecot/dovecot_2.3.19.1+dfsg1-2.1+deb12u2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/d/dovecot/dovecot_2.3.19.1+dfsg1-2.1+deb12u3.dsc
 changelog | 8 ++++++++
 patches/CVE-2025-59032.patch | 23 +++++++++--------------
 tests/control | 2 +-
 tests/usage/sieve | 8 ++++++++
 4 files changed, 26 insertions(+), 15 deletions(-)
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp_m55iysx/dovecot_2.3.19.1+dfsg1-2.1+deb12u2.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp_m55iysx/dovecot_2.3.19.1+dfsg1-2.1+deb12u3.dsc: no acceptable signature found
diff -Nru dovecot-2.3.19.1+dfsg1/debian/changelog dovecot-2.3.19.1+dfsg1/debian/changelog
--- dovecot-2.3.19.1+dfsg1/debian/changelog 2026-04-03 17:58:21.000000000 +0000
+++ dovecot-2.3.19.1+dfsg1/debian/changelog 2026-04-06 15:23:26.000000000 +0000
@@ -1,3 +1,11 @@
+dovecot (1:2.3.19.1+dfsg1-2.1+deb12u3) bookworm-security; urgency=medium
+
+ * [4c6afb0] autopkgtests: Add managesieved authentication test
+ * [edc0243] Fix CVE-2025-59032 regression impacting managesieved auth
+ (Closes: #1132861)
+
+ -- Noah Meyerhans Mon, 06 Apr 2026 11:23:26 -0400
+
 dovecot (1:2.3.19.1+dfsg1-2.1+deb12u2) bookworm-security; urgency=medium
 
 * [34fb460] import upstream fixes for several CVEs
diff -Nru dovecot-2.3.19.1+dfsg1/debian/patches/CVE-2025-59032.patch dovecot-2.3.19.1+dfsg1/debian/patches/CVE-2025-59032.patch
--- dovecot-2.3.19.1+dfsg1/debian/patches/CVE-2025-59032.patch 2026-04-03 17:58:21.000000000 +0000
+++ dovecot-2.3.19.1+dfsg1/debian/patches/CVE-2025-59032.patch 2026-04-06 15:09:21.000000000 +0000
@@ -8,26 +8,21 @@
 src/managesieve-login/client.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
 
-Index: dovecot/pigeonhole/src/managesieve-login/client.c
-===================================================================
---- dovecot.orig/pigeonhole/src/managesieve-login/client.c
-+++ dovecot/pigeonhole/src/managesieve-login/client.c
-@@ -330,10 +330,14 @@ static bool managesieve_client_input_nex
+--- dovecot-2.3.21+dfsg1.orig/pigeonhole/src/managesieve-login/client.c
++++ dovecot-2.3.21+dfsg1/pigeonhole/src/managesieve-login/client.c
+@@ -330,10 +330,12 @@ static bool managesieve_client_input_nex
 if (args[0].type != MANAGESIEVE_ARG_EOL)
 ret = -1;
 }
 - }
 - if (ret > 0) {
-- i_assert(client->cmd != NULL);
-- ret = client->cmd->func(client, args);
-+ if (ret > 0) {
-+ i_assert(client->cmd != NULL);
++ if (ret > 0)
 + ret = client->cmd->func(client, args);
-+ } else {
-+ /* Continue unfinished command */
-+ i_assert(client->cmd != NULL);
-+ ret = client->cmd->func(client, NULL);
-+ }
++ } else {
++ /* Continue unfinished command */
+ i_assert(client->cmd != NULL);
+- ret = client->cmd->func(client, args);
++ ret = client->cmd->func(client, NULL);
 }
 
 if (ret != 0)
diff -Nru dovecot-2.3.19.1+dfsg1/debian/tests/control dovecot-2.3.19.1+dfsg1/debian/tests/control
--- dovecot-2.3.19.1+dfsg1/debian/tests/control 2026-04-03 17:58:21.000000000 +0000
+++ dovecot-2.3.19.1+dfsg1/debian/tests/control 2026-04-06 15:01:29.000000000 +0000
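Review bot: The continuation branch in the refreshed patch calls `client->cmd->func(client, NULL)`, so every handler reachable through `cmd->func` has to treat a NULL `args` as "resume the pending command" and never dereference it; those handlers are outside this hunk and should be checked before this path is relied on. The condition that the new `} else {` pairs with is also above the hunk, so the `i_assert(client->cmd != NULL)` kept in that branch deserves a short why-comment, for example `/* reached only when a command from an earlier call is still pending */`, if that is indeed what the unseen condition guarantees. The new patch headers name a `dovecot-2.3.21+dfsg1` tree while the package is 2.3.19.1, which suggests the patch was regenerated elsewhere; recording its origin in the patch header would make the next refresh less error-prone. The body of `managesieve_client_input_next_cmd` starts and ends outside the hunk.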
@@ -6,7 +6,7 @@
 Depends: dovecot-core, systemd-sysv
 
 Test-Command: run-parts --report --exit-on-error debian/tests/usage
-Depends: dovecot-imapd, dovecot-pop3d, python3
+Depends: dovecot-imapd, dovecot-pop3d, dovecot-managesieved, sieve-connect, python3
 Restrictions: needs-root, breaks-testbed, allow-stderr
 
 Tests: testmails
diff -Nru dovecot-2.3.19.1+dfsg1/debian/tests/usage/sieve dovecot-2.3.19.1+dfsg1/debian/tests/usage/sieve
--- dovecot-2.3.19.1+dfsg1/debian/tests/usage/sieve 1970-01-01 00:00:00.000000000 +0000
+++ dovecot-2.3.19.1+dfsg1/debian/tests/usage/sieve 2026-04-06 14:52:26.000000000 +0000
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+# Validate managesieved authentication
+
+user=dep8
+pass=test
+
+sieve-connect --notlsverify --debug -s localhost \
+ -p 4190 -u "$user" --list --passwordfd 3 3< <(echo "$pass")
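Review bot: The new `debian/tests/usage/sieve` script only proves that a valid login succeeds; since it guards a fix in the login path, it should also assert that a wrong password is rejected, for example `if sieve-connect --notlsverify -s localhost -p 4190 -u "$user" --list --passwordfd 3 3< <(echo "not-$pass"); then exit 1; fi`. Once the script holds more than one command, add `set -eu` after the shebang so a failure of the first call is not masked by the exit status of the last one. The `dep8` account is presumably created by another script under `debian/tests/usage`, which this diff does not show; a one-line comment naming that dependency would make the ordering requirement explicit.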