From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Mon, 18 Mar 2019 08:13:08 +0000 (+0200)
Subject: Released v2.2.36.3.
X-Git-Tag: 2.2.36.3^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a7d78f5a20888b4be87ffbb27287785f2fa1bae2;p=thirdparty%2Fdovecot%2Fcore.git

Released v2.2.36.3.
---

diff --git a/NEWS b/NEWS
index 29d954edee..464c74dd30 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+v2.2.36.3 2019-03-28  Timo Sirainen <tss@iki.fi>
+
+	* CVE-2019-7524: Missing input buffer size validation leads into
+	  arbitrary buffer overflow when reading fts or pop3 uidl header
+	  from Dovecot index. Exploiting this requires direct write access to
+	  the index files.
+
 v2.2.36.1 2019-02-05  Timo Sirainen <tss@iki.fi>
 
 	* CVE-2019-3814: If imap/pop3/managesieve/submission client has
diff --git a/configure.ac b/configure.ac
index dc8807fcb1..16283bf284 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.2.36.1],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.2.36.3],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.2.ABIv36($PACKAGE_VERSION)", [Dovecot ABI version])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_SRCDIR([src])