There is 1 open security issue in stretch.
1 issue left for the package maintainer to handle:
- CVE-2019-18928:
(needs triaging)
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
You can find information about how to handle this issue in the security team's documentation.