from the CVE:
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Update to 1.0.13
maintainers - please provide an updated ebuild
already in portage since 2008-03-10.
there is already another dovecot security bug open that involves
stabling =1.0.13: bug #212336
Thanks Wolfram. stabling is handled on bug #212336. since it's also C3, we can vote for GLSA for both bugs here. I tend to vote YES.
Voting YES as well and filing request.
Pleaase not that the password issue never affected any stable ebuild and is should therefore not be considered for the GLSA.
CVE-2008-1271 will be rejected as a dupe.