| Errata ID | 433 |
|---|---|
| Date | 2019-02-27 |
| Source package | dovecot |
| Fixed in version | 1:2.2.27-3+deb9u3 |
| Description | This update addresses the following issue:
* Fix a vulnerability in the TLS username handling where an attacker could
login as anyone else in the system if
auth_ssl_{require_client_cert,username_from_cert} was enabled.
(CVE-2019-3814) |
| Additional notes | |
| CVE ID | CVE-2019-3814 |
| UCS Bug number | #48774 |
