Package: dovecot CVE IDs: CVE-2020-24386, CVE-2020-25275 Vulnerabilities: - CVE-2020-24386: - When imap hibernation is active, an attacker with valid credentials can cause Dovecot to discover file system directory structures and access other users' emails via specially crafted commands. - CVE-2020-25275: - Innonketi Sennovskiy reported that the mail delivery and parsing in Dovecot can crash when the 10000th MIME part is message/rfc822. Fixed Version: For the stable distribution (buster), these problems have been fixed in version 1:2.3.4.1-5+deb10u5. Recommendation: Upgrade your dovecot packages. Further Information: - Detailed security status: Dovecot Security Tracker - Debian Security Advisories: Debian Security