There are 2 open security issues in buster.
2 issues left for the package maintainer to handle:
- CVE-2020-28200:
  (postponed; to be fixed through a stable update)
  The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
- CVE-2021-33515:
  (postponed; to be fixed through a stable update)
  The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
You can find information about how to handle these issues in the security team's documentation.