diff --git a/dovecot.spec b/dovecot.spec
index 2094a00..1f50dc1 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -3,9 +3,9 @@
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
-Version: 2.3.10.1
+Version: 2.3.11.3
 %global prever %{nil}
-Release: 3%{?dist}
+Release: 1%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 
@@ -13,7 +13,7 @@ URL: http://www.dovecot.org/
 Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
 Source1: dovecot.init
 Source2: dovecot.pam
-%global pigeonholever 0.5.10
+%global pigeonholever 0.5.11
 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
 Source9: dovecot.sysconfig
 Source10: dovecot.tmpfilesd
@@ -432,6 +432,19 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Sat Aug 15 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-1
+- CVE-2020-12100: Parsing mails with a large number of MIME parts could
+  have resulted in excessive CPU usage or a crash due to running out of
+  stack memory.
+- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
+  message buffer size, which leads to reading past allocation which can
+  lead to crash.
+- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
+  address that has the empty quoted string as local-part causes the lmtp
+  service to crash.
+- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
+  zero-length message, which leads to assert-crash later on.
+
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-3
 - Second attempt - Rebuilt for
   https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
diff --git a/sources b/sources
index 649f5e0..a256f67 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06
-SHA512 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b
+SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb
+SHA512 (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 793d93edc50192c52654e2f7244d3e01aaa4e69f786e3ecfcd658a4ab26a5099cc5319cb93221150db4ce94bc4515ffb38115b1d0eeb6e052b956efec680b33d