Release 2.3.7.2

diff --git a/NEWS b/NEWS
index 8a1d94496c41c738137b1d2b0b81d7faeb16c031..e3bce8c674c47f9530e95f60a89ba675876ba08a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+v2.3.7.2 2019-08-28  Aki Tuomi <aki.tuomi@open-xchange.com>
+
+       * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
+         when scanning data in quoted strings, leading to out of bounds heap
+         memory writes. Found by Nick Roessler and Rafi Rubin.
+
 v2.3.7.1 2019-07-23  Timo Sirainen <timo.sirainen@open-xchange.com>
 
        - Fix TCP_NODELAY errors being logged on non-Linux OSes

diff --git a/configure.ac b/configure.ac
index 5a9dcc15e8ad21c9043466aee8a174ed09a3b333..4b59c6624b1b17a9f5d4afd6809ecda2c62e0dbb 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.3.7.1],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.3.7.2],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv7($PACKAGE_VERSION)", [Dovecot ABI version])
 
 AC_CONFIG_SRCDIR([src])