From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 5 Apr 2019 07:35:01 +0000 (+0300)
Subject: Released v2.3.5.2
X-Git-Tag: 2.3.5.2^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F101%2Fhead;p=thirdparty%2Fdovecot%2Fcore.git

Released v2.3.5.2
---

diff --git a/NEWS b/NEWS
index 7922a37e54..95d8295651 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+v2.3.5.2 2019-04-18  Timo Sirainen <tss@iki.fi>
+
+	* CVE-2019-10691: Trying to login with 8bit username containing
+	  invalid UTF8 input causes auth process to crash if auth policy is
+	  enabled. This could be used rather easily to cause a DoS. Similar
+	  crash also happens during mail delivery when using invalid UTF8 in
+	  From or Subject header when OX push notification driver is used.
+
 v2.3.5.1 2019-03-28  Timo Sirainen <tss@iki.fi>
 
 	* CVE-2019-7524: Missing input buffer size validation leads into
diff --git a/configure.ac b/configure.ac
index ddb63afba5..4bc4dc4ea0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.3.5.1],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.3.5.2],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv5($PACKAGE_VERSION)", [Dovecot ABI version])
 
 AC_CONFIG_SRCDIR([src])