mail/dovecot,mail/dovecot-pigeonhole: fix CVE-2019-11500

Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

MFH:		2019Q3
Security:	CVE-2019-11500

mail/dovecot-pigeonhole/Makefile

@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	dovecot-pigeonhole
-PORTVERSION=	0.5.7.1
-PORTREVISION=	1
+PORTVERSION=	0.5.7.2
 CATEGORIES=	mail
 MASTER_SITES=	http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/
 DISTNAME=	${PORTNAME:C/-/-${DOVECOTVERSION}-/}-${PORTVERSION}
@@ -13,8 +12,8 @@ COMMENT=	Sieve plugin for the Dovecot 'deliver' LDA and LMTP
 
 LICENSE=	LGPL21
 
-BUILD_DEPENDS=	dovecot>=2.3.6:mail/dovecot
-RUN_DEPENDS=	dovecot>=2.3.6:mail/dovecot
+BUILD_DEPENDS=	dovecot>=2.3.7:mail/dovecot
+RUN_DEPENDS=	dovecot>=2.3.7:mail/dovecot
 
 DOVECOTVERSION=	2.3
 

mail/dovecot-pigeonhole/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1563891950
-SHA256 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 3270b24c1f75a7c144f54d6d08ce994176e39c2cdb3ac4dd80ad5e64aaaa2028
-SIZE (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 1857291
+TIMESTAMP = 1567007127
+SHA256 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0
+SIZE (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 1857602

mail/dovecot/Makefile

@@ -7,7 +7,7 @@
 ######################################################################
 
 PORTNAME=	dovecot
-PORTVERSION=	2.3.7.1
+PORTVERSION=	2.3.7.2
 CATEGORIES=	mail ipv6
 MASTER_SITES=	https://dovecot.org/releases/2.3/
 

mail/dovecot/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1563891542
-SHA256 (dovecot-2.3.7.1.tar.gz) = c5a51d6f76e6e9c843df69e52a364a4c65c4c60e0c51d992eaa45f22f71803c3
-SIZE (dovecot-2.3.7.1.tar.gz) = 7076500
+TIMESTAMP = 1567006255
+SHA256 (dovecot-2.3.7.2.tar.gz) = 666ce084760a47e601d49a9be3c7993c48789d332631e8dfb45f443b367b1260
+SIZE (dovecot-2.3.7.2.tar.gz) = 7076231