CVE-2020-10958: In Dovecot before 188.8.131.52, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
CVE-2020-10957: In Dovecot before 184.108.40.206, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
CVE-2020-10967: In Dovecot before 220.127.116.11, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Standards version of the package is outdated.
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.5.0 instead of
Last update: 2020-01-21
This package is part of the ongoing testing transition known as auto-icu.
Please avoid uploads unrelated to this transition, they would
likely delay it and require supplementary work from the release
managers. On the other hand, if your package has problems
preventing it to migrate to testing, please fix them
as soon as possible.
You can probably find supplementary information in the
archives or in the corresponding