-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : dovecot Version : 1:2.2.13-12~deb8u5 CVE ID : CVE-2019-3814
It was discovered that there was a vulnerability in the dovecot IMAP/POP3 server. A flaw in the TLS username handling could lead to an attacker logging in as anyone else in the system if both auth_ssl_{require_client,username_from}_cert were enabled. For Debian 8 "Jessie", this issue has been fixed in dovecot version 1:2.2.13-12~deb8u5. We recommend that you upgrade your dovecot packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxcZvAACgkQHpU+J9Qx Hljjnw//cuBph+QmqAJ+sPiyv3enpJbbLjjQmkWC5XCEcWoNxFxH6nt9y6BjLusu Cw5Ah6GxVujZvfw1gu0XsUu4p/6ghHLYz4dOC1otdi/1m6Mk6CbylpSOlo43n0R9 wsDp29i4FoLQdz9UwSaE7ErnMAXGI5hCmRRXnaaW2A8OxITCXy80qHjK0/icZi8r rn9DnbtEwkt//kPdPRS/SHq7o7Gd+VFTIUSniS4PquYMZnG28QJNkRwSOzHhC51f 75DRkb23+C65605OLhLAMncqwWPrwixI7LXqMknrSsBQ+nhkanAVrXlrH1N+y86U 6Eim/XNm4mSK9RACe4TMLB1UE633bln4lveJsvBNU6WwDqSIm2aehsNOEx+46euv 3hCLZVXQkpuYwxGmSDz2Dvvt9cNIwbWGUrOC8KsKOtBxytBMA2qXOzdeCoJcfTe4 XIjelTZ0FinE/zqMO6o+GLKTSIqxXUUVh+Vfu0fqLw/bFL4JHnXHgnzD/bFN0v0o iUZhz3h7M8csl5seZTdh9p6vM6yNti3aDKZA1kfW+JCXzB8WjOKDx9YiCt8+8uDG ilbamJSo2dMpX+DPZsCDGSemkvPUSCoOH8QYPNx+63g78Kg3z9w51kMNQfwNZC6M dkDO4V4p4dRN5nurvC4/wrjOXNEzvTCiB4NnIgWIFIFzGk8kWMY= =PLha -----END PGP SIGNATURE-----