Dovecot has released 2 public e-mails detailing 2 security issues in dovecot version 1.0.x. The first one seems to not be patchable, but a user setup issue (probably no action required in packaging): http://www.dovecot.org/list/dovecot-news/2008-March/000060.html The second one seems to have fixes incorporated into the latest release: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
The first was already submitted as bug #437152 and is fixed in RHEL 5.2. The second one is also known as CVE-2008-1218.
CVE-2008-1218 was tracked via bug #436928, which also explains why it was not handled as a security issue.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-0205.html