Version 3.2.2-1 of cyrus-imapd is marked for autoremoval from testing on Fri 21 Aug 2020. It is affected by #966114. You should try to prevent the removal by fixing these RC bugs.
The current maintainer is looking for someone who can help with
the maintenance of this package. If you are interested in this
package, please consider helping out. One way you can help is
offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #921717 for more information.
CVE-2019-18928: Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it.
You can probably find supplementary information in the
debian-release
archives or in the corresponding
release.debian.org
bug.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/c/cyrus-imapd.png){kind=link}