Cyrus IMAPd 2.2.13p1 & 2.3.15 Released
Thomas Jarosch
thomas.jarosch at intra2net.com
Wed Sep 9 10:03:19 EDT 2009
On Wednesday, 9. September 2009 15:47:14 Ken Murchison wrote:
> I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15.
> These releases should both be considered production quality. These
> releases are being made at this time to fix the potential buffer
> overflow vulnerability described in CERT VU#336053:
> http://www.kb.cert.org/vuls/id/336053
Thanks for the new release!
Regarding the buffer overflow: The cert website currently outputs a
"Lotus Notes exception". Is the overflow theoretically exploitable via
a malicious email or does a user need to upload a malicious sieve script?
Cheers,
Thomas
More information about the Cyrus-devel
mailing list