Debian Security Advisory DSA-4590-1 email@example.com https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2019 https://www.debian.org/security/faq
Package : cyrus-imapd CVE ID : CVE-2019-19783
It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.
For the oldstable distribution (stretch), this problem has been fixed in version 2.5.10-3+deb9u2.
For the stable distribution (buster), this problem has been fixed in version 3.0.8-6+deb10u3.
We recommend that you upgrade your cyrus-imapd packages.
For the detailed security status of cyrus-imapd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cyrus-imapd
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: firstname.lastname@example.org