cyrus-imapd reports:
2019-12-19
When creating a missing mailbox as part of a sieve "fileinto" directive, lmtpd would create it as administrator, bypassing ACL checks.
CVE-2019-19783
cyrus-imapd-3.0.13.tgz
Download
amd64