| Errata ID | 627 |
|---|---|
| Date | 2020-01-15 |
| Source package | cyrus-imapd |
| Fixed in version | 2.5.10-3+deb9u2 |
| Description | This update addresses the following issue: * An issue was discovered in Cyrus IMAP. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. (CVE-2019-19783) |
| Additional notes | |
| CVE ID | CVE-2019-19783 |
| UCS Bug number | #50684 |
