Red Hat Security Advisory 2022-1950-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
c96d5111f5070a5af8936a5b285732d58b1ba5c094025f86d272acb9af844c39
Gentoo Linux Security Advisory 202107-41 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in a Denial of Service condition. Versions less than 2.3.14.1 are affected.
921a1009ced664a698c76a058ec91a52208799efb3c4fee94eb16caf0ca9dbed
Ubuntu Security Notice 4993-1 - Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. Fabian Ising and Damian Poddebniak discovered that Dovecot incorrectly handled STARTTLS when using the SMTP submission service. A remote attacker could possibly use this issue to inject plaintext commands before STARTTLS negotiation. Various other issues were also addressed.
8070e4ff7c7ad7153e26bd392db955c947c13d14fa02d99a329da78fe2c25836