Multiple vulnerabilities was discovered and corrected in dovecot:

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
permission to the owner of each mailbox in a non-public namespace,
which might allow remote authenticated users to bypass intended access
restrictions by changing the ACL of a mailbox, as demonstrated by a
symlinked shared mailbox (CVE-2010-3779).

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to
cause a denial of service (master process outage) by simultaneously
disconnecting many (1) IMAP or (2) POP3 sessions (CVE-2010-3780).

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to
newly created mailboxes in certain configurations, which might allow
remote attackers to read mailboxes that have unintended weak ACLs
(CVE-2010-3304).

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15
and 2.0.x before 2.0.5 interprets an ACL entry as a directive to
add to the permissions granted by another ACL entry, instead of a
directive to replace the permissions granted by another ACL entry,
in certain circumstances involving the private namespace of a user,
which allows remote authenticated users to bypass intended access
restrictions via a request to read or modify a mailbox (CVE-2010-3706).

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and
2.0.x before 2.0.5 interprets an ACL entry as a directive to add to
the permissions granted by another ACL entry, instead of a directive
to replace the permissions granted by another ACL entry, in certain
circumstances involving more specific entries that occur after less
specific entries, which allows remote authenticated users to bypass
intended access restrictions via a request to read or modify a mailbox
(CVE-2010-3707).

This advisory provides dovecot 1.2.15 which is not vulnerable to
these issues