https://dovecot.org/list/dovecot-news/2019-April/000405.html
https://dovecot.org/list/dovecot-news/2019-April/000407.html
FWIW bumping the existing dovecot-2.3.5.1.ebuild to dovecot-2.3.5.2.ebuild seems to work fine.
2.3.5.2 is not in tree yet.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f2896be569c065349d7259299890ac5f70f8aeb commit 3f2896be569c065349d7259299890ac5f70f8aeb Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2019-04-19 06:34:35 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2019-04-19 06:34:35 +0000 net-mail/dovecot: security bump to 2.3.5.2 Bug: https://bugs.gentoo.org/683732 Package-Manager: Portage-2.3.63, Repoman-2.3.12 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/dovecot/Manifest | 1 + net-mail/dovecot/dovecot-2.3.5.2.ebuild | 294 ++++++++++++++++++++++++++++++++ 2 files changed, 295 insertions(+)
Arches, please test and mark stable =net-mail/dovecot-2.3.5.2 TARGET KEYWORDS=alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sparc x86 Thank you
amd64 stable
alpha stable
arm stable
x86 stable
ia64 stable
ppc stable
ppc64 stable
I'll do bug 684822 for hppa instead, so I guess this can be closed.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201908-29 at https://security.gentoo.org/glsa/201908-29 by GLSA coordinator Thomas Deutschmann (whissi).