<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body><div style="font-family:Arial;">Hi All,<br></div>
<div style="font-family:Arial;"><br></div>
<div style="font-family:Arial;">I have obtained CVE-2017-14230 for the crasher in Cyrus up to 3.0.3 where:</div>
<div style="font-family:Arial;"><br></div>
<div style="font-family:Arial;">tag FIND "" "Other Users"<br></div>
<div style="font-family:Arial;"><br></div>
<div style="font-family:Arial;">Would cause uninitialised memory to be written to a buffer which was then interpreted as an unbounded C string.  This bug is fixed in 3.0.4, and we recommend everybody upgrade.<br></div>
<div style="font-family:Arial;"><br></div>
<div style="font-family:Arial;">Regards,<br></div>
<div style="font-family:Arial;"><br>Bron.<br></div>
<div style="font-family:Arial;"><br></div>
<div id="sig56629417"><div class="signature">--<br></div>
<div class="signature">  Bron Gondwana, CEO, FastMail Pty Ltd<br></div>
<div class="signature">  brong@fastmailteam.com<br></div>
<div class="signature"><br></div>
</div>
<div style="font-family:Arial;"><br></div>
</body>
</html>