DSA-4825-1 dovecot -- dovecotID: oval:org.secpod.oval:def:69845 | Date: (C)2021-03-03 (M)2023-11-13 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the dovecot-dev email server. CVE-2020-24386 When imap hibernation is active, an attacker can cause dovecot-dev to discover file system directory structures and access other users" emails via specially crafted commands. CVE-2020-25275 Innokentii Sennovskiy reported that the mail delivery and parsing in dovecot-dev can crash when the 10000th MIME part is message/rfc822 . This flaw was introduced by earlier changes addressing CVE-2020-12100.