From b9ba0bbcd9e43649fcf2d0903072d1cbf8f743b7 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka <mhlavink@redhat.com>
Date: Thu, 28 Mar 2019 14:56:50 +0100
Subject: [PATCH] dovecot updated to 2.3.5.1 CVE-2019-7524: Missing input
 buffer size validation leads into   arbitrary buffer overflow when reading
 fts or pop3 uidl header   from Dovecot index.

---
 dovecot.spec | 8 +++++++-
 sources      | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/dovecot.spec b/dovecot.spec
index 4212779..4f642b7 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -3,7 +3,7 @@
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
-Version: 2.3.5
+Version: 2.3.5.1
 %global prever %{nil}
 Release: 1%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
@@ -493,6 +493,12 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Thu Mar 28 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.1-1
+- dovecot updated to 2.3.5.1
+- CVE-2019-7524: Missing input buffer size validation leads into
+  arbitrary buffer overflow when reading fts or pop3 uidl header
+  from Dovecot index.
+
 * Wed Mar 06 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5-1
 - dovecot updated to 2.3.5, pigeonhole updated to 0.5.5
 
diff --git a/sources b/sources
index ea5c3e2..1a5e4f7 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (dovecot-2.3.5.tar.gz) = 10513c371aeadd52184daaf8dbb9a7559c6db55e34182bbb2c9539dae0897ddcc76f6fe2ce6a81c7ce0cb94c7f79438ae3bb0e7db8ed46615feb337b4078ecc6
+SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a
 SHA512 (dovecot-2.3-pigeonhole-0.5.5.tar.gz) = 21519fc9b1152a947b64ce4251e1a4bdbe003b48233b1856a32696f9c1e29f730268c56eb38f9431bbfac345e6cd42e8c78c87d0702f39ebf20c6d326dcdbb94