mail/dovecot,mail/dovecot-pigeonhole: fix CVE-2019-11500

Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

MFH:		2019Q3
Security:	CVE-2019-11500

2 files changed, 6 insertions, 7 deletions

diff --git a/mail/dovecot-pigeonhole/Makefile b/mail/dovecot-pigeonhole/Makefile
index 216d4c096106..f2ccd0ba551c 100644
--- a/mail/dovecot-pigeonhole/Makefile
+++ b/mail/dovecot-pigeonhole/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	dovecot-pigeonhole
-PORTVERSION=	0.5.7.1
-PORTREVISION=	1
+PORTVERSION=	0.5.7.2
 CATEGORIES=	mail
 MASTER_SITES=	http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/
 DISTNAME=	${PORTNAME:C/-/-${DOVECOTVERSION}-/}-${PORTVERSION}
@@ -13,8 +12,8 @@ COMMENT=	Sieve plugin for the Dovecot 'deliver' LDA and LMTP
 
 LICENSE=	LGPL21
 
-BUILD_DEPENDS=	dovecot>=2.3.6:mail/dovecot
-RUN_DEPENDS=	dovecot>=2.3.6:mail/dovecot
+BUILD_DEPENDS=	dovecot>=2.3.7:mail/dovecot
+RUN_DEPENDS=	dovecot>=2.3.7:mail/dovecot
 
 DOVECOTVERSION=	2.3
 
diff --git a/mail/dovecot-pigeonhole/distinfo b/mail/dovecot-pigeonhole/distinfo
index 8bd6019b3e3e..dcefdc9d94a3 100644
--- a/mail/dovecot-pigeonhole/distinfo
+++ b/mail/dovecot-pigeonhole/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1563891950
-SHA256 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 3270b24c1f75a7c144f54d6d08ce994176e39c2cdb3ac4dd80ad5e64aaaa2028
-SIZE (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 1857291
+TIMESTAMP = 1567007127
+SHA256 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0
+SIZE (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 1857602