Recent security fixes

Florian Weimer fweimer at
Mon Oct 5 05:09:24 EDT 2015


Martin Prpic pointed out that you apparently fixed a security issue:


This is great, thanks.  I think this is the relevant commit:


However, I wonder if the fix is complete.  Could n turn negative
(possibly after truncation)?  Then the range checks seem incomplete.

I also saw some (otherwise unrelated) commits which might be

Could you comment on whether these fixes need to be tracked as fixes for
security vulnerabilities?


More information about the Cyrus-devel mailing list