USN-487-1: Dovecot vulnerability
17 July 2007
It was discovered that Dovecot, when configured to use non-system-user
spools and compressed folders, would allow directory traversals in
mailbox names. Remote authenticated users could potentially read email
owned by other users.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system upgrade is sufficient to effect the