It was discovered that Dovecot, when configured to use non-system-user
spools and compressed folders, would allow directory traversals in
mailbox names. Remote authenticated users could potentially read email
owned by other users.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.04 | noarch | dovecot-common | < 1.0.rc17-1ubuntu2.1 | UNKNOWN |
Ubuntu | 6.10 | noarch | dovecot-common | < 1.0.rc2-1ubuntu2.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | dovecot-common | < 1.0.beta3-3ubuntu5.5 | UNKNOWN |