Information on source package dovecot

Available versions

ReleaseVersion
stretch1:2.2.27-3+deb9u5
stretch (security)1:2.2.27-3+deb9u7
buster1:2.3.4.1-5+deb10u6
buster (security)1:2.3.4.1-5+deb10u5
bullseye1:2.3.13+dfsg1-2
bookworm1:2.3.13+dfsg1-2
sid1:2.3.16+dfsg1-3

Open issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2021-33515fixedvulnerable (no DSA, postponed)fixedfixedfixedThe submission service in Dovecot before 2.3.15 allows STARTTLS comman ...
CVE-2020-28200vulnerable (no DSA)vulnerable (no DSA, postponed)vulnerablevulnerablefixedThe Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource ...

Open unimportant issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2008-4870vulnerablevulnerablevulnerablevulnerablevulnerabledovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ...

Resolved issues

BugDescription
CVE-2021-29157Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ...
CVE-2020-25275Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and ...
CVE-2020-24386An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, ...
CVE-2020-12674In Dovecot before 2.3.11.3, sending a specially formatted RPA request ...
CVE-2020-12673In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ...
CVE-2020-12100In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ...
CVE-2020-10967In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...
CVE-2020-10958In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...
CVE-2020-10957In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...
CVE-2020-7957The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...
CVE-2020-7046lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...
CVE-2019-19722In Dovecot before 2.3.9.2, an attacker can crash a push-notification d ...
CVE-2019-11500In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole be ...
CVE-2019-11499In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...
CVE-2019-11494In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...
CVE-2019-10691The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeate ...
CVE-2019-7524In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker ...
CVE-2019-3814It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 in ...
CVE-2017-15132A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SA ...
CVE-2017-15130A denial of service flaw was found in dovecot before 2.2.34. An attack ...
CVE-2017-14461A specially crafted email delivered over SMTP and passed on to Dovecot ...
CVE-2017-2669Dovecot before version 2.2.29 is vulnerable to a denial of service. Wh ...
CVE-2016-8652The auth component in Dovecot before 2.2.27, when auth-policy is confi ...
CVE-2016-4983A postinstall script in the dovecot rpm allows local users to read the ...
CVE-2015-3420The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 ...
CVE-2014-3430Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x befo ...
CVE-2013-6171checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ...
CVE-2013-2111The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...
CVE-2011-4318Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostn ...
CVE-2011-2167script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...
CVE-2011-2166script-login in Dovecot 2.0.x before 2.0.13 does not follow the user a ...
CVE-2011-1929lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2. ...
CVE-2010-4011Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memor ...
CVE-2010-3780Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...
CVE-2010-3779Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admi ...
CVE-2010-3707plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...
CVE-2010-3706plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...
CVE-2010-3304The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...
CVE-2010-0745Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...
CVE-2010-0535Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled ...
CVE-2009-3897Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ce ...
CVE-2009-3235Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1 ...
CVE-2009-2632Buffer overflow in the SIEVE script component (sieve/script.c), as use ...
CVE-2008-5301Directory traversal vulnerability in the ManageSieve implementation in ...
CVE-2008-4907The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...
CVE-2008-4578The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass inte ...
CVE-2008-4577The ACL plugin in Dovecot before 1.1.4 treats negative access rights a ...
CVE-2008-1218Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1 ...
CVE-2008-1199Dovecot before 1.0.11, when configured to use mail_extra_groups to all ...
CVE-2007-6598Dovecot before 1.0.10, with certain configuration options including us ...
CVE-2007-4211The ACL plugin in Dovecot before 1.0.3 allows remote authenticated use ...
CVE-2007-2231Directory traversal vulnerability in index/mbox/mbox-storage.c in Dove ...
CVE-2006-5973Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...
CVE-2006-2414Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows r ...
CVE-2006-0730Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...

Security announcements

DSA / DLADescription
DLA-2517-1dovecot - security update
DSA-4825-1dovecot - security update
DLA-2328-1dovecot - security update
DSA-4745-1dovecot - security update
DSA-4690-1dovecot - security update
DLA-1901-1dovecot - security update
DSA-4510-1dovecot - security update
DLA-1736-1dovecot - security update
DSA-4418-1dovecot - security update
DLA-1667-1dovecot - security update
DSA-4385-1dovecot - security update
DLA-1333-1dovecot - security update
DSA-4130-1dovecot - security update
DSA-3828-2dovecot - regression update
DSA-3828-1dovecot - security update
DLA-0004-1dovecot - security update
DSA-2954-1dovecot - security update
DSA-2252-1dovecot - programming error
DSA-1892-1dovecot - arbitrary code execution
DSA-1516-1dovecot - privilege escalation
DSA-1457-1dovecot
DSA-1359-1dovecot - directory traversal
DSA-1080-1dovecot - programming error

Search for package or bug name: Reporting problems