Cyrus IMSPd 1.6a4 and 1.7a Released

Rob Siemborski rjs3 at andrew.cmu.edu
Fri Dec 12 14:25:31 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This message is to announce the release of Cyrus IMSPd 1.6a4 and 1.7a on
ftp.andrew.cmu.edu

These releases correct a recently discovered buffer overflow
vulnerability, as well as clean up a significant amount of buffer handling
throughout the code.  I'd like to thank Cyrus Daboo for the time he spent
cleaning up a great deal of the code, and Felix Lindner of n.runs for
alerting us to the vulnerability.

All sites are urged to upgrade as soon as possible.

The distribution is available at:

ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a4.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7a.tar.gz
and
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a4.tar.gz
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7a.tar.gz

- -Rob

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBP9oWLmes8cJc4y/MEQLINgCeJKZ8lEI9I2eGI26/bwFS8TbTSpEAoL5N
guQ7DY7iuHeEZo8rWWAH7HrO
=fZrU
-----END PGP SIGNATURE-----





More information about the Cyrus-announce mailing list