Dovecot has released version 1.2.17  and 2.0.13  to address a potential crash, and possibly mailbox corruption, when dovecot parsed header names that contained NUL characters. This was due to a pointer possibly pointing past allocated memory. An upstream patch  is available.
dovecot 1.2.17 for Fedora 13 has been just submitted for updates-testing, 2.0.13 versions for Fedora 14+ are already in updatest-testing repository.
Created dovecot tracking bugs for this issue
Affects: fedora-all [bug 709108]
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1187 https://rhn.redhat.com/errata/RHSA-2011-1187.html