Dovecot could be made to expose sensitive information over the network.
- dovecot: IMAP and POP3 email server
It was discovered that Dovecot incorrectly handled client certificates. A
remote attacker in possession of a valid certificate with an empty username
field could possibly use this issue to impersonate other users.
The problem can be corrected by updating your system to the following