Debian Security Advisory 1359-1 - It was discovered that dovecot, a secure mail server that supports mbox and maildir mailboxes, when configured to use non-system-user spools and compressed folders, may allow directory traversal in mailbox names.
c99de84de3a6624d35babd146e78279a4e2f271c2e0f1153e521dba567842d3a
Ubuntu Security Notice 487-1 - It was discovered that Dovecot, when configured to use non-system-user spools and compressed folders, would allow directory traversals in mailbox names. Remote authenticated users could potentially read email owned by other users.
ffd6e32af1d9c2c08cb7ad728e03641e3c20ff6b9bb09e074b7e53dc54643953