diff -Nru amavisd-new-2.12.2/debian/changelog amavisd-new-2.12.2/debian/changelog
--- amavisd-new-2.12.2/debian/changelog	2022-02-18 12:14:20.000000000 +0000
+++ amavisd-new-2.12.2/debian/changelog	2024-04-12 15:24:15.000000000 +0000
@@ -1,3 +1,12 @@
+amavisd-new (1:2.12.2-1ubuntu1.1) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: incorrect check via multiple boundary parameters
+    - debian/patches/CVE-2024-28054.patch: add CC_UNCHECKED,3 content
+      category in amavisd.conf, amavisd.
+    - CVE-2024-28054
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 12 Apr 2024 11:24:15 -0400
+
 amavisd-new (1:2.12.2-1ubuntu1) jammy; urgency=medium
 
   * Merge with Debian unstable (LP: #1946841). Remaining changes:
diff -Nru amavisd-new-2.12.2/debian/patches/CVE-2024-28054.patch amavisd-new-2.12.2/debian/patches/CVE-2024-28054.patch
--- amavisd-new-2.12.2/debian/patches/CVE-2024-28054.patch	1970-01-01 00:00:00.000000000 +0000
+++ amavisd-new-2.12.2/debian/patches/CVE-2024-28054.patch	2024-04-12 15:24:15.000000000 +0000
@@ -0,0 +1,132 @@
+Backport of:
+
+From 78c4b7076ebf1d711629a95860aae1bc0db5277a Mon Sep 17 00:00:00 2001
+From: Damian Lukowski <damian.lukowski@netapp.com>
+Date: Wed, 18 Oct 2023 13:28:44 +0200
+Subject: [PATCH] Add CC_UNCHECKED,3 content category
+
+---
+ RELEASE_NOTES                  |  6 +++++
+ conf/amavisd.conf              |  1 +
+ lib/Amavis.pm                  |  8 +++---
+ lib/Amavis/Conf.pm             |  2 ++
+ lib/Amavis/Unpackers.pm        |  5 ++--
+ lib/Amavis/Unpackers/MIME.pm   | 15 ++++++++++++
+ lib/Amavis/Unpackers/Part.pm   |  3 ++-
+ t/Amavis/Unpackers/MIMETest.pm | 45 +++++++++++++++++++++++++++++++++-
+ 8 files changed, 78 insertions(+), 7 deletions(-)
+
+--- a/amavisd
++++ b/amavisd
+@@ -1383,6 +1383,7 @@ BEGIN {
+     CC_UNCHECKED,      'Unchecked',
+     CC_UNCHECKED.',1', 'UncheckedEncrypted',
+     CC_UNCHECKED.',2', 'UncheckedOverLimits',
++    CC_UNCHECKED.',3', 'UncheckedAmbiguousContent',
+     CC_BANNED,     'Banned',
+     CC_VIRUS,      'Virus',
+   );
+@@ -1853,6 +1854,7 @@ BEGIN {
+     CC_BANNED,      'id=%n - BANNED: %F',
+     CC_UNCHECKED.',1', 'id=%n - UNCHECKED: encrypted',
+     CC_UNCHECKED.',2', 'id=%n - UNCHECKED: over limits',
++    CC_UNCHECKED.',3', 'id=%n - UNCHECKED: ambiguous content',
+     CC_UNCHECKED,      'id=%n - UNCHECKED',
+     CC_SPAM,        'id=%n - spam',
+     CC_SPAMMY.',1', 'id=%n - spammy (tag3)',
+@@ -9976,7 +9978,8 @@ sub exists
+ sub attributes        # a string of characters representing attributes
+   { @_<2 ? shift->{attr}     : ($_[0]->{attr} = $_[1]) };
+ 
+-sub attributes_add {  # U=undecodable, C=crypted, D=directory,S=special,L=link
++sub attributes_add {  # U=undecodable, C=crypted, B=ambiguous-content,
++                      # D=directory, S=special, L=link
+   my $self = shift; my $a = $self->{attr}; $a = '' if !defined $a;
+   for my $arg (@_) { $a .= $arg  if $arg ne '' && index($a,$arg) < 0 }
+   $self->{attr} = $a;
+@@ -10435,6 +10438,20 @@ sub mime_decode_pre_epi($$$$$) {
+   }
+ }
+ 
++sub ambiguous_content {
++  my $entity = shift;
++  return unless $entity->is_multipart;
++  my $content_type = $entity->head->get('Content-Type');
++  if ($content_type && $content_type =~ m{^multipart/\w+(.+)}x) {
++    my ($params, $num) = ($1, 0);
++    while ($params =~ m{\G ; \s+ (?<param>\w+) = (?: \w+ | "(?:\\.|[^"\\])*" )}gx) {
++      $num++ if lc($+{param}) eq 'boundary';
++    }
++    return $num > 1;
++  }
++  return;
++}
++
+ # traverse MIME::Entity object depth-first,
+ # extracting preambles and epilogues as extra (pseudo)parts, and
+ # filling-in additional information into Amavis::Unpackers::Part objects
+@@ -10449,6 +10466,7 @@ sub mime_traverse($$$$$) {
+   if (!defined($body)) {  # a MIME container only contains parts, no bodypart
+     # create pseudo-part objects for MIME containers (e.g. multipart/* )
+     $part = Amavis::Unpackers::Part->new(undef,$parent_obj,1);
++    $part->attributes_add('B') if ambiguous_content($entity);
+ #   $part->type_short('no-file');
+     do_log(2, "%s %s Content-Type: %s", $part->base_name, $placement, $mt);
+ 
+@@ -14602,16 +14620,18 @@ sub check_mail($$) {
+ 
+       $which_section = "parts_decode_ext";
+       snmp_count('OpsDec');
+-      my($any_encrypted,$over_levels);
+-      ($hold, $any_undecipherable, $any_encrypted, $over_levels) =
++      my($any_encrypted,$over_levels,$ambiguous);
++      ($hold, $any_undecipherable, $any_encrypted, $over_levels, $ambiguous) =
+         Amavis::Unpackers::decompose_mail($msginfo->mail_tempdir,
+                                           $file_generator_object);
+-      $any_undecipherable ||= ($any_encrypted || $over_levels);
++      $any_undecipherable ||= ($any_encrypted || $over_levels || $ambiguous);
+       if ($any_undecipherable) {
+         $msginfo->add_contents_category(CC_UNCHECKED,0);
+         $msginfo->add_contents_category(CC_UNCHECKED,1) if $any_encrypted;
+         $msginfo->add_contents_category(CC_UNCHECKED,2) if $over_levels;
++        $msginfo->add_contents_category(CC_UNCHECKED,3) if $ambiguous;
+         for my $r (@{$msginfo->per_recip_data}) {
++          $r->add_contents_category(CC_UNCHECKED,3) if $ambiguous;
+           next if $r->bypass_virus_checks;
+           $r->add_contents_category(CC_UNCHECKED,0);
+           $r->add_contents_category(CC_UNCHECKED,1) if $any_encrypted;
+@@ -31965,7 +31985,7 @@ sub decompose_mail($$) {
+   my($tempdir,$file_generator_object) = @_;
+ 
+   my $hold; my(@parts); my $depth = 1;
+-  my($any_undecipherable, $any_encrypted, $over_levels) = (0,0,0);
++  my($any_undecipherable, $any_encrypted, $over_levels, $ambiguous) = (0,0,0,0);
+   my $which_section = "parts_decode";
+   # fetch all not-yet-visited part names, and start a new cycle
+ TIER:
+@@ -32027,13 +32047,14 @@ TIER:
+       if (defined $attr) {
+         $any_undecipherable++  if index($attr, 'U') >= 0;
+         $any_encrypted++       if index($attr, 'C') >= 0;
++        $ambiguous++           if index($attr, 'B') >= 0;
+       }
+     }
+     last TIER  if defined $hold;
+     $depth++;
+   }
+   section_time($which_section); prolong_timer($which_section);
+-  ($hold, $any_undecipherable, $any_encrypted, $over_levels);
++  ($hold, $any_undecipherable, $any_encrypted, $over_levels, $ambiguous);
+ }
+ 
+ # Decompose one part
+--- a/amavisd.conf
++++ b/amavisd.conf
+@@ -148,6 +148,7 @@ $defang_banned = 1;  # MIME-wrap passed
+ $defang_by_ccat{CC_BADH.",3"} = 1;  # NUL or CR character in header
+ $defang_by_ccat{CC_BADH.",5"} = 1;  # header line longer than 998 characters
+ $defang_by_ccat{CC_BADH.",6"} = 1;  # header field syntax error
++$defang_by_ccat{CC_UNCHECKED.",3"} = 1; # ambiguous content (e.g. multipart boundary)
+ 
+ 
+ # OTHER MORE COMMON SETTINGS (defaults may suffice):
diff -Nru amavisd-new-2.12.2/debian/patches/series amavisd-new-2.12.2/debian/patches/series
--- amavisd-new-2.12.2/debian/patches/series	2022-02-18 12:14:20.000000000 +0000
+++ amavisd-new-2.12.2/debian/patches/series	2024-04-12 15:24:15.000000000 +0000
@@ -6,3 +6,4 @@
 85-clarify_fqdn_error.patch
 90_fix_snmp_subagent_warning
 95_amavisd_helpers_fixes
+CVE-2024-28054.patch