Released v2.3.5.2

diff --git a/NEWS b/NEWS
index 7922a37e54f9cd66bd9b93719baa40c1e6bb1e79..95d8295651df2163f2888ae8dc73522021d54ee1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+v2.3.5.2 2019-04-18  Timo Sirainen <tss@iki.fi>
+
+       * CVE-2019-10691: Trying to login with 8bit username containing
+         invalid UTF8 input causes auth process to crash if auth policy is
+         enabled. This could be used rather easily to cause a DoS. Similar
+         crash also happens during mail delivery when using invalid UTF8 in
+         From or Subject header when OX push notification driver is used.
+
 v2.3.5.1 2019-03-28  Timo Sirainen <tss@iki.fi>
 
        * CVE-2019-7524: Missing input buffer size validation leads into

diff --git a/configure.ac b/configure.ac
index ddb63afba51950e9c9fce0b02f6cab45ecc64a5a..4bc4dc4ea029e849e28e046ba7f307a65848d1c3 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.3.5.1],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.3.5.2],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv5($PACKAGE_VERSION)", [Dovecot ABI version])
 
 AC_CONFIG_SRCDIR([src])