From e99441755f5f0675d42b534728471674fd488d92 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 6 Apr 2026 14:03:10 +0200 Subject: [PATCH] dovecot: ignore already fixed CVEs The following CVEs are fixed in the current version already, however they are tracked without version info. Upstream has confirmed[1] that these vulnerabilities are fixed, and Debian has also identified the relevant commits: CVE-2025-30189: https://security-tracker.debian.org/tracker/CVE-2025-30189 CVE-2026-0394: https://security-tracker.debian.org/tracker/CVE-2026-0394 CVE-2026-24031: https://security-tracker.debian.org/tracker/CVE-2026-24031 CVE-2026-27855: https://security-tracker.debian.org/tracker/CVE-2026-27855 CVE-2026-27860: https://security-tracker.debian.org/tracker/CVE-2026-27860 [1]: https://seclists.org/fulldisclosure/2026/Mar/13 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb b/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb index a8930979ea..10ca595029 100644 --- a/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb +++ b/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb @@ -81,3 +81,8 @@ FILES:${PN}-dev += "${libdir}/dovecot/libdovecot*.so" FILES:${PN}-dbg += "${libdir}/dovecot/*/.debug" CVE_STATUS[CVE-2016-4983] = "not-applicable-platform: Affects only postinstall script on specific distribution." +CVE_STATUS[CVE-2025-59031] = "fixed-version: fixed since v2.4.2" +CVE_STATUS[CVE-2026-0394] = "fixed-version: fixed since v2.4.1" +CVE_STATUS[CVE-2026-24031] = "fixed-version: fixed since v2.4.3" +CVE_STATUS[CVE-2026-27855] = "fixed-version: fixed since v2.4.3" +CVE_STATUS[CVE-2026-27860] = "fixed-version: fixed since v2.4.3"