---
- branch: MAIN
  date: Fri Apr 19 05:35:04 UTC 2019
  files:
  - new: '1.27'
    old: '1.26'
    path: pkgsrc/mail/dovecot2/Makefile.common
    pathrev: pkgsrc/mail/dovecot2/Makefile.common@1.27
    type: modified
  - new: '1.91'
    old: '1.90'
    path: pkgsrc/mail/dovecot2/distinfo
    pathrev: pkgsrc/mail/dovecot2/distinfo@1.91
    type: modified
  - new: '1.19'
    old: '1.18'
    path: pkgsrc/mail/dovecot2-sqlite/Makefile
    pathrev: pkgsrc/mail/dovecot2-sqlite/Makefile@1.19
    type: modified
  id: 20190419T053504Z.db6e8989893ef69162a476f83fb6f6ab8c8607f8
  log: |
    dovecot2: updated to 2.3.5.2

    v2.3.5.2
    * CVE-2019-10691: Trying to login with 8bit username containing
      invalid UTF8 input causes auth process to crash if auth policy is
      enabled. This could be used rather easily to cause a DoS. Similar
      crash also happens during mail delivery when using invalid UTF8 in
      From or Subject header when OX push notification driver is used.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/mail'
  unixtime: '1555652104'
  user: adam