Released v2.2.36.3.

author Timo Sirainen <timo.sirainen@open-xchange.com>

Mon, 18 Mar 2019 08:13:08 +0000 (10:13 +0200)

committer Aki Tuomi <aki.tuomi@open-xchange.com>

Mon, 18 Mar 2019 10:52:29 +0000 (10:52 +0000)
author Timo Sirainen <timo.sirainen@open-xchange.com>
Mon, 18 Mar 2019 08:13:08 +0000 (10:13 +0200)
committer Aki Tuomi <aki.tuomi@open-xchange.com>
Mon, 18 Mar 2019 10:52:29 +0000 (10:52 +0000)
diff --git a/NEWS b/NEWS

index 29d954edeec7f3e7b9696e26da46fc973badad46..464c74dd30393aa38683fd129ef858fe6890fcbd 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+v2.2.36.3 2019-03-28  Timo Sirainen <tss@iki.fi>
+
+       * CVE-2019-7524: Missing input buffer size validation leads into
+         arbitrary buffer overflow when reading fts or pop3 uidl header
+         from Dovecot index. Exploiting this requires direct write access to
+         the index files.
+
  v2.2.36.1 2019-02-05  Timo Sirainen <tss@iki.fi>
  
         * CVE-2019-3814: If imap/pop3/managesieve/submission client has
diff --git a/configure.ac b/configure.ac

index dc8807fcb1f48e17762723df7e8d01913bbb230e..16283bf284825bea1379eb5459a1c799ad5180fb 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
  
  # Be sure to update ABI version also if anything changes that might require
  # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.2.36.1],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.2.36.3],[dovecot@dovecot.org])
  AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.2.ABIv36($PACKAGE_VERSION)", [Dovecot ABI version])
  AC_CONFIG_AUX_DIR([.])
  AC_CONFIG_SRCDIR([src])
author	Timo Sirainen <timo.sirainen@open-xchange.com>
	Mon, 18 Mar 2019 08:13:08 +0000 (10:13 +0200)
committer	Aki Tuomi <aki.tuomi@open-xchange.com>
	Mon, 18 Mar 2019 10:52:29 +0000 (10:52 +0000)
NEWS		patch \| blob \| blame \| history
configure.ac		patch \| blob \| blame \| history