CVE-2010-3304 (retired)

Priority
Description
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to
newly created mailboxes in certain configurations, which might allow remote
attackers to read mailboxes that have unintended weak ACLs.
Notes
 mdeslaur> upstream says only 1.2.x, but code is present in at least as far
 mdeslaur> back as jaunty. Code doesn't look affected in hardy and earlier.
 mdeslaur> Couldn't reproduce on karmic, so not-affected.
Package
Upstream:released (1:1.2.13-1)
Patches:
Upstream:http://hg.dovecot.org/dovecot-1.2/rev/aae3b2a12cd0
More Information

Updated: 2019-03-26 11:52:56 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)