From 7ec6d0adea3aa375c6ba7124c93314b346a78edc Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 18 Mar 2019 12:54:07 +0200
Subject: [PATCH] Released v2.3.5.1

---
 NEWS         | 7 +++++++
 configure.ac | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 839f1262e2..7922a37e54 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+v2.3.5.1 2019-03-28  Timo Sirainen <tss@iki.fi>
+
+	* CVE-2019-7524: Missing input buffer size validation leads into
+	  arbitrary buffer overflow when reading fts or pop3 uidl header
+	  from Dovecot index. Exploiting this requires direct write access to
+	  the index files.
+
 v2.3.5 2019-03-05  Timo Sirainen <tss@iki.fi>
 
 	+ Lua push notification driver: mail keywords and flags are provided
diff --git a/configure.ac b/configure.ac
index 58c7c9b2c7..ddb63afba5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.3.5],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.3.5.1],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv5($PACKAGE_VERSION)", [Dovecot ABI version])
 
 AC_CONFIG_SRCDIR([src])
-- 
2.47.3