The imap package provides server daemons for both the IMAP and POP mail access protocols. A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially-crafted mail message to the victim. Users of imap should upgrade to these updated packages, which contain a backported patch to resolve this issue.