Release date:
2026-06-08 09:28:54 UTC
Description:
- CVE-2026-40020: imap-acl: reject CR/LF/control-char and non-UTF-8 injection in SETACL identifier
- CVE-2026-42006: lib-imap: fix list_count_limit to actually bound '(' (incomplete fix for CVE-2026-27857)
- CVE-2026-40016: lib-sieve: enforce sieve_max_cpu_time inside :contains/:matches matcher loops
Updated packages:
-
dovecot-2.3.16-8.el9_2.tuxcare.els6.i686.rpm
sha:48ed86fac83bb8b6e704bfce03ea3bf7ae9f21e534025adb630b0f3f14b13148
-
dovecot-2.3.16-8.el9_2.tuxcare.els6.x86_64.rpm
sha:a358614caafb88ab6b8af75b7251090ff06c43493ea6cc9e73e4f16b1d7570f2
-
dovecot-devel-2.3.16-8.el9_2.tuxcare.els6.i686.rpm
sha:f076ea03a5d295081b33addb0babc41579fd23c8986db214cdf08e08c7eb6b63
-
dovecot-devel-2.3.16-8.el9_2.tuxcare.els6.x86_64.rpm
sha:6a70414f55b1718f83d7eb7c41ba40f8199d79579b76196c710af805b5752b85
-
dovecot-mysql-2.3.16-8.el9_2.tuxcare.els6.x86_64.rpm
sha:90bcd4f755f79df817bc55c8f2a7326b634a8e6398f0336d0bcf997f9bfbd255
-
dovecot-pgsql-2.3.16-8.el9_2.tuxcare.els6.x86_64.rpm
sha:3ecfbc33b9b5aa8a4470c38c185c0a9214b3e98fc334cfcebb894f87a122cd07
-
dovecot-pigeonhole-2.3.16-8.el9_2.tuxcare.els6.x86_64.rpm
sha:7e1d927d1c6794c4343d12b9f98303c9fabd62cce3afa3d1d1020209d6a792ae
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
