From 38c8f1daff9edd8a79d1f523abcdda84d874e496 Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Fri, 5 Apr 2019 10:35:01 +0300
Subject: [PATCH] Released v2.3.5.2

---
 NEWS | 8 ++++++++
 configure.ac | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 7922a37e54..95d8295651 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+v2.3.5.2 2019-04-18 Timo Sirainen
+
+ * CVE-2019-10691: Trying to login with 8bit username containing
+ invalid UTF8 input causes auth process to crash if auth policy is
+ enabled. This could be used rather easily to cause a DoS. Similar
+ crash also happens during mail delivery when using invalid UTF8 in
+ From or Subject header when OX push notification driver is used.
+
 v2.3.5.1 2019-03-28 Timo Sirainen
 
 * CVE-2019-7524: Missing input buffer size validation leads into
diff --git a/configure.ac b/configure.ac
index ddb63afba5..4bc4dc4ea0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.59])
 # Be sure to update ABI version also if anything changes that might require
 # recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Dovecot],[2.3.5.1],[dovecot@dovecot.org])
+AC_INIT([Dovecot],[2.3.5.2],[dovecot@dovecot.org])
 AC_DEFINE_UNQUOTED([DOVECOT_ABI_VERSION], "2.3.ABIv5($PACKAGE_VERSION)", [Dovecot ABI version])
 AC_CONFIG_SRCDIR([src])
-- 
2.47.2