Errata overview
Errata ID 599
Date 2019-02-27
Source package dovecot
Fixed in version 1:2.2.13-12~deb8u5
This update addresses the following issue:
* Fix a vulnerability in the TLS username handling where an attacker could
  login as anyone else in the system if
  auth_ssl_{require_client_cert,username_from_cert} was enabled.
Additional notes
CVE ID CVE-2019-3814
UCS Bug number #48765