A vulnerability was found in dovecot before version 2.3.9.1 where mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers.
Reference: https://github.com/dovecot/core/compare/393a8cabf4dad893bf2ec60bf96cfde7a0c58432%5E..1307766b6f5d97341a47376657d342bcefd10f1b.patch
References: https://dovecot.org/pipermail/dovecot-news/2019-December/000426.html https://dovecot.org/pipermail/dovecot-news/2019-December/000425.html https://dovecot.org/pipermail/dovecot-news/2019-December/000423.html
Created dovecot tracking bugs for this issue: Affects: fedora-all [bug 1783256]
Statement: The vulnerable functionality is not present in the versions of dovecot package in Red Hat Products therefore they are not affected by this flaw.