mail/dovecot -- multiple vulnerabilitiesVuXML ID: bd98066d-4ea4-11eb-b412-e86a64caca56Discovery: 2020-08-17
Entry: 2021-01-04
Packagesdovecot < 2.3.13
DescriptionAki Tuomi reports:
When imap hibernation is active, an attacker can cause Dovecot to
discover file system directory structure and access other users'
emails using specially crafted command.
The attacker must have valid credentials to access the
mail server.
Mail delivery / parsing crashed when the 10 000th MIME part was
message/rfc822 (or if parent was multipart/digest). This happened
due to earlier MIME parsing changes for CVE-2020-12100.
URLhttps://dovecot.org/pipermail/dovecot-news/2021-January/000448.html