[ 21:33 ler  ]

• 500569 mail/dovecot-pigeonhole/Makefile
• 500569 mail/dovecot-pigeonhole/distinfo
• 500569 mail/dovecot/Makefile
• 500569 mail/dovecot/distinfo
• 500569 mail/dovecot/files/patch-src_lib-master_test-event-stats.c
• 500569 mail/dovecot/files/patch-src_lib-sql_driver-mysql.c
• 500569 mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.6, 0.5.6 respectively.

Dovecot changelog:
* CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer
access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was started over
TLS secured channel and invalid authentication message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when
XCLIENT commands were sent infinitely to the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously sent as two
replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF consistently when
CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without setting
ssl_client_ca_* settings.
- pop3c: SSL support was broken.

(Only the first 15 lines of the commit message are shown above )

[ 17:53 ler  ]

• 486621 mail/dovecot/Makefile
• 486621 mail/dovecot/files/patch-src_lib-sql_driver-mysql.c

mail/dovecot: Add upstream patch to fix a double free in MySQL.

Obtained
from:	https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch