Debian Linux Security Advisory 4590-1 - It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.
7499dbe419697acfe2027ceca0aba6b752a7e8780a14c7275faefccefb192664