From baf9232c12705b02bcfc12493f61e0f2d23612a0 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 28 Aug 2019 11:04:19 +0300
Subject: [PATCH] Release 2.2.36.4

---
 NEWS         | 6 ++++++
 configure.ac | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 464c74dd30..67eb47a4b0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+v2.2.36.4 2019-08-28  Aki Tuomi <aki.tuomi@open-xchange.com>
+
+	* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
+	  when scanning data in quoted strings, leading to out of bounds heap
+	  memory writes. Found by Nick Roessler and Rafi Rubin.
+
 v2.2.36.3 2019-03-28  Timo Sirainen <tss@iki.fi>
 
 	* CVE-2019-7524: Missing input buffer size validation leads into
diff --git a/configure.ac b/configure.ac
index 16283bf284..4d9f22c00a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.2.36.3],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.2.36.4],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.2.ABIv36($PACKAGE_VERSION)", [Dovecot ABI version])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_SRCDIR([src])
-- 
2.47.2