Released v2.3.5.1

author Aki Tuomi <aki.tuomi@open-xchange.com>

Mon, 18 Mar 2019 10:54:07 +0000 (12:54 +0200)

committer Aki Tuomi <aki.tuomi@open-xchange.com>

Mon, 18 Mar 2019 10:54:07 +0000 (12:54 +0200)
author Aki Tuomi <aki.tuomi@open-xchange.com>
Mon, 18 Mar 2019 10:54:07 +0000 (12:54 +0200)
committer Aki Tuomi <aki.tuomi@open-xchange.com>
Mon, 18 Mar 2019 10:54:07 +0000 (12:54 +0200)
diff --git a/NEWS b/NEWS

index 839f1262e29216890e90fa5b50a95bde7ff2caf0..7922a37e54f9cd66bd9b93719baa40c1e6bb1e79 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+v2.3.5.1 2019-03-28  Timo Sirainen <tss@iki.fi>
+
+       * CVE-2019-7524: Missing input buffer size validation leads into
+         arbitrary buffer overflow when reading fts or pop3 uidl header
+         from Dovecot index. Exploiting this requires direct write access to
+         the index files.
+
  v2.3.5 2019-03-05  Timo Sirainen <tss@iki.fi>
  
         + Lua push notification driver: mail keywords and flags are provided
diff --git a/configure.ac b/configure.ac

index 58c7c9b2c7f4f6b4526ebd5e5a597bc49c79cf6c..ddb63afba51950e9c9fce0b02f6cab45ecc64a5a 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
  
  # Be sure to update ABI version also if anything changes that might require
  # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.3.5],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.3.5.1],[dovecot@dovecot.org])
  AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv5($PACKAGE_VERSION)", [Dovecot ABI version])
  
  AC_CONFIG_SRCDIR([src])
author	Aki Tuomi <aki.tuomi@open-xchange.com>
	Mon, 18 Mar 2019 10:54:07 +0000 (12:54 +0200)
committer	Aki Tuomi <aki.tuomi@open-xchange.com>
	Mon, 18 Mar 2019 10:54:07 +0000 (12:54 +0200)
NEWS		patch \| blob \| blame \| history
configure.ac		patch \| blob \| blame \| history