From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Fri, 23 Aug 2019 06:43:33 +0000 (+0300)
Subject: Release 2.3.7.2
X-Git-Tag: 2.3.7.2^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Frelease-2.3.7;p=thirdparty%2Fdovecot%2Fcore.git

Release 2.3.7.2
---

diff --git a/NEWS b/NEWS
index 8a1d94496c..e3bce8c674 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+v2.3.7.2 2019-08-28  Aki Tuomi <aki.tuomi@open-xchange.com>
+
+	* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
+	  when scanning data in quoted strings, leading to out of bounds heap
+	  memory writes. Found by Nick Roessler and Rafi Rubin.
+
 v2.3.7.1 2019-07-23  Timo Sirainen <timo.sirainen@open-xchange.com>
 
 	- Fix TCP_NODELAY errors being logged on non-Linux OSes
diff --git a/configure.ac b/configure.ac
index 5a9dcc15e8..4b59c6624b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.3.7.1],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.3.7.2],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv7($PACKAGE_VERSION)", [Dovecot ABI version])
 
 AC_CONFIG_SRCDIR([src])