Summary from URL. Not sure wether stable is affected: Cyrus-imapd pop3d Remote Stack Based Buffer Overrun Description There is a trivially remotely exploitable Buffer Overrun in Cyrus-imapd's pop3d. The issue is not present in the default install, Cyrus-imapd has to have the popsubfolders set to 1 in imapd.conf. From the manpage: popsubfolders: 1 Allow access to subfolders of INBOX via POP3 by using userid+subfolder syntax as the authentication/authorization id. When popsubfolders is set one can overflow a stack buffer by sending an overly long USER command argument to the remote pop3d.
popsubfolders is a new option in cyrus-imapd 2.3 series <http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&searchterm=popsubfolders&msg=36365>. We do have cyrus-imapd-2.3.1 in portage but it was p.maked because 2.3 series is still a testing release.
Thx Tuan.