CVE-2008-1199 (Medium) :
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create
dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify
files or directories that are writable by group, via a symlink attack.
CVE-2008-1218 (Medium) :
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using
blocking passdbs, allows remote attackers to bypass the password check via a password
containing TAB characters, which are treated as argument delimiters that enable the
skip_password_check field to be specified.
Aldas Nabazas
14f8a374c5