Cyrus IMSPd 1.6a4 and 1.7a Released
Ted Cabeen
secabeen at pobox.com
Fri Dec 12 15:12:11 EST 2003
Rob Siemborski <rjs3 at andrew.cmu.edu> writes:
> This message is to announce the release of Cyrus IMSPd 1.6a4 and 1.7a on
> ftp.andrew.cmu.edu
>
> These releases correct a recently discovered buffer overflow
> vulnerability, as well as clean up a significant amount of buffer handling
> throughout the code. I'd like to thank Cyrus Daboo for the time he spent
> cleaning up a great deal of the code, and Felix Lindner of n.runs for
> alerting us to the vulnerability.
>
> All sites are urged to upgrade as soon as possible.
>
> The distribution is available at:
>
> ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a4.tar.gz
> ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7a.tar.gz
> and
> http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a4.tar.gz
> http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7a.tar.gz
Do you have a patch for the vulnerability?
--
Ted Cabeen http://www.pobox.com/~secabeen ted at impulse.net
Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen at pobox.com
"I have taken all knowledge to be my province." -F. Bacon secabeen at cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot cabeen at netcom.com
More information about the Info-cyrus
mailing list