From LWN.net: "imap is a package which contains POP3 and IMAP mail servers.
These vulnerabilities can be exploited only after user
authentication, which basically limits the scope of the vulnerability
to a remote shell with that user's permissions. On systems where
users already have a shell, this vulnerability will not provide
anything new to that user (unless he/she has only local shell
access). But, on systems where the email accounts do not provide
shell access (tipically ISPs), this is a bigger problem.
It is also important to note that packages from version 5.1 or higher
of the CL distribution have been compiled with StackGuard, which
makes it more difficult (but not impossible) to exploit buffer
overflows of this type.