CVE-2019-3814 (retired)

Priority
Description
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1
incorrectly handled client certificates. A remote attacker in possession of
a valid certificate with an empty username field could possibly use this
issue to impersonate other users.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.2.36.1,2.3.4.1)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:2.0.19-0ubuntu2.6)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.2.22-1ubuntu2.9)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.2.33.2-1ubuntu4.2)
Ubuntu 19.04 (Disco Dingo):released (1:2.3.4.1-1ubuntu1)
More Information

Updated: 2019-10-09 08:05:24 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)