Cyrus SASL 2.1.23 Released

Ken Murchison murch at
Thu May 14 13:05:34 EDT 2009

I'd like to announce the release of Cyrus SASL 2.1.23 on  This version includes a fix for a potential buffer 
overflow in sasl_encode64() (see, 
otherwise it is identical to 2.1.22.  Please note that while this fixes 
vulnerable code, non-vulnerable code may break if the buffer passed to 
sasl_encode64() is the exact size of the encoded data and doesn't 
include space for the trailing NUL.

Please send any feedback either to cyrus-sasl at
(public list) or to cyrus-bugs at

Download at:

Kenneth Murchison
Systems Programmer
Carnegie Mellon University
Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Cyrus-announce mailing list