Index: vuln.xml =================================================================== --- vuln.xml (revision 558111) +++ vuln.xml (working copy) @@ -58,6 +58,42 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + mail/dovecot -- multiple vulnerabilities + + + dovecot + 2.3.13 + + + + +

Aki Tuomi reports:

+
+

When imap hibernation is active, an attacker can cause Dovecot to + discover file system directory structure and access other users' + emails using specially crafted command. + The attacker must have valid credentials to access the + mail server.

+
+
+

Mail delivery / parsing crashed when the 10 000th MIME part was + message/rfc822 (or if parent was multipart/digest). This happened + due to earlier MIME parsing changes for CVE-2020-12100.

+
+ +
+ + https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html + CVE-2020-24386 + CVE-2020-25275 + + + 2020-08-17 + 2021-01-04 + +
+ jasper -- heap overflow vulnerability
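Review bot: the affected-package block of the new entry lists only `dovecot` with the single version 2.3.13, while the comment just above the hunk reminds committers not to forget port variants; please confirm that no other package name ships this code and that the bound is meant to exclude 2.3.13 itself. The second description says the MIME crash was caused by the earlier parsing changes for CVE-2020-12100, which suggests that releases predating those changes are not affected by CVE-2020-25275. A single range for both CVEs is fine if CVE-2020-24386 covers those older releases, but that reasoning belongs in the commit message. As a style point, the topic reads "mail/dovecot -- multiple vulnerabilities", whereas the neighbouring entry uses the bare port name ("jasper -- heap overflow vulnerability"); dropping the "mail/" prefix would keep the topics consistent.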