PublicDateAtUSN: 2019-02-05 13:00:00 UTC
Candidate: CVE-2019-3814
CRD: 2019-02-05 13:00:00 UTC
PublicDate: 2019-03-27 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
 https://www.dovecot.org/pipermail/dovecot/2019-February/114575.html
 https://ubuntu.com/security/notices/USN-3881-1
 https://ubuntu.com/security/notices/USN-3881-2
Description:
 It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1
 incorrectly handled client certificates. A remote attacker in possession
 of a valid certificate with an empty username field could possibly use
 this issue to impersonate other users.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N [6.8 MEDIUM]

Patches_dovecot:
upstream_dovecot: released (2.2.36.1,2.3.4.1)
precise/esm_dovecot: released (1:2.0.19-0ubuntu2.6)
trusty_dovecot: released (1:2.2.9-1ubuntu2.5)
trusty/esm_dovecot: released (1:2.2.9-1ubuntu2.5)
xenial_dovecot: released (1:2.2.22-1ubuntu2.9)
esm-infra/xenial_dovecot: released (1:2.2.22-1ubuntu2.9)
bionic_dovecot: released (1:2.2.33.2-1ubuntu4.2)
cosmic_dovecot: released (1:2.3.2.1-1ubuntu3.1)
devel_dovecot: released (1:2.3.4.1-1ubuntu1)