Errata overview
Errata ID 433
Date 2019-02-27
Source package dovecot
Fixed in version 1:2.2.27-3+deb9u3
This update addresses the following issue:
* Fix a vulnerability in the TLS username handling where an attacker could
  login as anyone else in the system if
  auth_ssl_{require_client_cert,username_from_cert} was enabled.
Additional notes
CVE ID CVE-2019-3814
UCS Bug number #48774