Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

Thomas Jarosch thomas.jarosch at
Wed Sep 9 10:03:19 EDT 2009

On Wednesday, 9. September 2009 15:47:14 Ken Murchison wrote:
> I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15.
> These releases should both be considered production quality.  These
> releases are being made at this time to fix the potential buffer
> overflow vulnerability described in CERT VU#336053:

Thanks for the new release!

Regarding the buffer overflow: The cert website currently outputs a
"Lotus Notes exception". Is the overflow theoretically exploitable via
a malicious email or does a user need to upload a malicious sieve script?


More information about the Cyrus-devel mailing list