{"id":"MGASA-2020-0010","summary":"Updated cyrus-imapd packages fix security vulnerability","details":"Updated cyrus-imapd packages fix security vulnerability:\n\nIt was discovered that the lmtpd component of the Cyrus IMAP server\ncreated mailboxes with administrator privileges if the \"fileinto\" was\nused, bypassing ACL checks (CVE-2019-19783).\n","modified":"2026-04-16T04:42:43.359042325Z","published":"2020-01-05T15:37:51Z","upstream":["CVE-2019-19783"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0010.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25913"},{"type":"WEB","url":"https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.12.html"},{"type":"WEB","url":"https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html"},{"type":"WEB","url":"https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html"},{"type":"WEB","url":"https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/"},{"type":"WEB","url":"https://www.debian.org/security/2019/dsa-4590"}],"affected":[{"package":{"name":"cyrus-imapd","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/cyrus-imapd?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.15-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0010.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}