Secure imap and pop3 server
Go to file
RHEL Packaging Agent cb203ee7f1 Fix CVE-2026-42006: bypass of CVE-2026-27857 IMAP parser fix
Backport upstream commit 9a0f8c1066956ea7450ca82b57f904332006a502
to fix CVE-2026-42006. The IMAP parser's list_count_limit was
incorrectly checking the limit in imap_parser_close_list() (on
')') instead of imap_parser_open_list() (on '('). This patch
moves the check so it correctly limits the number of open
braces, preventing potential abuse via deeply nested lists.

CVE: CVE-2026-42006
Upstream patches:
 - 9a0f8c1066.patch
Resolves: RHEL-188480

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-26 11:28:05 +00:00
.gitignore Import rpm: c8s 2023-02-27 12:52:25 -05:00
dovecot-1.0.beta2-mkcert-permissions.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-1.0.rc7-mkcert-paths.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.0-defaultconfig.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.1.10-waitonline.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.2.20-initbysystemd.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.2.22-systemd_w_protectsystem.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.2.36-aclfix.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.2.36-bigkey.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.3-cve-2025-59032.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3-cve-2026-27857p1of5.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3-cve-2026-27857p2of5.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3-cve-2026-27857p3of5.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3-cve-2026-27857p4of5.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3-cve-2026-27857p5of5.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3-cve-2026-27858.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3-cve-2026-42006.patch Fix CVE-2026-42006: bypass of CVE-2026-27857 IMAP parser fix 2026-06-26 11:28:05 +00:00
dovecot-2.3.6-opensslhmac.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.3.16-d7705bc6.patch fixes assert-crash when IMAP client uses QRESYNC (#RHEL-22854) 2024-02-16 23:42:54 +01:00
dovecot-2.3.16-ftbfsbigend.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.3.16-keeplzma.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.3.18-9f300239..4596d399.patch fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) 2026-04-13 14:00:50 +02:00
dovecot-2.3.18-bdf447e4.patch fix leaking mailboxes if virtual mailbox can't be opened (#2128857) 2023-08-04 21:12:02 +00:00
dovecot-2.3.19.1-7bad6a24.patch Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot-2.3.21-test-socket-path.patch fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) 2024-08-29 17:53:41 +02:00
dovecot-2.3.21.1-CVE-2024-23184.patch fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) 2024-08-29 17:53:41 +02:00
dovecot-2.3.21.1-CVE-2024-23185.patch fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) 2024-08-29 17:53:41 +02:00
dovecot.conf.5 Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot.init Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot.pam Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot.spec Fix CVE-2026-42006: bypass of CVE-2026-27857 IMAP parser fix 2026-06-26 11:28:05 +00:00
dovecot.sysconfig Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
dovecot.tmpfilesd Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
gating.yaml Bring gating.yaml over from Brew dist-git 2023-03-10 10:34:28 -08:00
prestartscript Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00
sources Auto sync2gitlab import of dovecot-2.3.16-3.el8.src.rpm 2022-07-22 10:12:43 +00:00