Information on source package dovecot

Available versions

ReleaseVersion
wheezy (security)1:2.1.7-7+deb7u1
jessie (security)1:2.2.13-12~deb8u3
stretch1:2.2.27-3+deb9u1
buster1:2.2.33.2-1
sid1:2.2.33.2-1

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2013-6171vulnerable (no DSA)fixedfixedfixedfixedcheckpassword-reply in Dovecot before 2.2.7 performs setuid operations ...

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
CVE-2008-4870vulnerablevulnerablevulnerablevulnerablevulnerabledovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...

Resolved issues

BugDescription
CVE-2017-2669auth: Do not double-expand key in passdb dict when authenticating
CVE-2016-8652The auth component in Dovecot before 2.2.27, when auth-policy is ...
CVE-2016-4983
CVE-2015-3420The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 ...
CVE-2014-3430Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x ...
CVE-2013-2111The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...
CVE-2011-4318Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and ...
CVE-2011-2167script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...
CVE-2011-2166script-login in Dovecot 2.0.x before 2.0.13 does not follow the user ...
CVE-2011-1929lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and ...
CVE-2010-4011Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage ...
CVE-2010-3780Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...
CVE-2010-3779Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the ...
CVE-2010-3707plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...
CVE-2010-3706plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...
CVE-2010-3304The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...
CVE-2010-0745Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...
CVE-2010-0535Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...
CVE-2009-3897Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ...
CVE-2009-3235Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...
CVE-2009-2632Buffer overflow in the SIEVE script component (sieve/script.c), as ...
CVE-2008-5301Directory traversal vulnerability in the ManageSieve implementation in ...
CVE-2008-4907The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...
CVE-2008-4578The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass ...
CVE-2008-4577The ACL plugin in Dovecot before 1.1.4 treats negative access rights ...
CVE-2008-1218Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and ...
CVE-2008-1199Dovecot before 1.0.11, when configured to use mail_extra_groups to ...
CVE-2007-6598Dovecot before 1.0.10, with certain configuration options including ...
CVE-2007-4211The ACL plugin in Dovecot before 1.0.3 allows remote authenticated ...
CVE-2007-2231Directory traversal vulnerability in index/mbox/mbox-storage.c in ...
CVE-2006-5973Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...
CVE-2006-2414Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...
CVE-2006-0730Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...

Security announcements

DSA / DLADescription
DSA-3828-2dovecot - regression update
DSA-3828-1dovecot - security update
DLA-0004-1dovecot - security update
DSA-2954-1dovecot - security update
DSA-2252-1dovecot - programming error
DSA-1892-1dovecot - arbitrary code execution
DSA-1892-1dovecot - arbitrary code execution
DSA-1516-1dovecot - privilege escalation
DSA-1457-1dovecot
DSA-1359-1dovecot - directory traversal
DSA-1080-1dovecot - programming error

Search for package or bug name: Reporting problems