* SECURITY UPDATE: information disclosure via newly created mailboxes with incorrect ACLs - debian/patches/CVE-2010-3304.patch: verify the directory isn't the same as the INBOX's directory in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3304 * SECURITY UPDATE: ACL bypass via incorrect ACL merging - debian/patches/CVE-2010-370x.patch: fix logic of merging multiple ACLs in src/plugins/acl/{acl-api.h,acl-backend-vfile.c,acl-backend.c, acl-cache.c}. - CVE-2010-3706 - CVE-2010-3707 * SECURITY UPDATE: restriction bypass via mailbox ACL changing - debian/patches/CVE-2010-3779.patch: don't give admin rights to all owner mailboxes in src/plugins/acl/acl-backend-vfile.c. - CVE-2010-3779 * SECURITY UPDATE: denial of service via many simultaneous disconnects. - debian/patches/CVE-2010-3780.patch: don't die after three failed writes to log in src/lib/failures.c. - CVE-2010-3780 * debian/control: removed linux-kernel-headers from Build-Conflicts to resolve building with sbuild.