CVE-2019-3814 (retired)

Priority
Description
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1
incorrectly handled client certificates. A remote attacker in possession of
a valid certificate with an empty username field could possibly use this
issue to impersonate other users.
Assigned-to
mdeslaur
Package
Upstream:released (2.2.36.1,2.3.4.1)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:2.0.19-0ubuntu2.6)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2.2.9-1ubuntu2.5)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.2.22-1ubuntu2.9)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.2.33.2-1ubuntu4.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:2.3.2.1-1ubuntu3.1)
Ubuntu 19.04 (Disco Dingo):released (1:2.3.4.1-1ubuntu1)
More Information

Updated: 2019-03-29 02:14:58 UTC (commit 4f84fe790cebaab8768c0c369531aca9c55f7450)