Debian 10228 Published by

A dovecot security update has been released for Debian GNU/Linux 8 Extended LTS to address a vulnerability where a malicious sender could crash Dovecot repeatedly by sending messages with more than 10,000 MIME parts.



ELA-342-1 dovecot security update

Package dovecot
Version 1:2.2.13-12~deb8u9
Related CVEs CVE-2020-25275

A vulnerability was discovered in the Dovecot IMAP server where a malicious sender could crash Dovecot repeatedly by sending messages with more than 10,000 MIME parts.

For Debian 8 Jessie, these problems have been fixed in version 1:2.2.13-12~deb8u9.

We recommend that you upgrade your dovecot packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-342-1 dovecot security update