Cyrus SASL 2.1.23 Released

Ken Murchison murch at andrew.cmu.edu
Thu May 14 13:05:34 EDT 2009


I'd like to announce the release of Cyrus SASL 2.1.23 on 
ftp.andrew.cmu.edu.  This version includes a fix for a potential buffer 
overflow in sasl_encode64() (see http://www.kb.cert.org/vuls/id/238019), 
otherwise it is identical to 2.1.22.  Please note that while this fixes 
vulnerable code, non-vulnerable code may break if the buffer passed to 
sasl_encode64() is the exact size of the encoded data and doesn't 
include space for the trailing NUL.

Please send any feedback either to cyrus-sasl at lists.andrew.cmu.edu
(public list) or to cyrus-bugs at andrew.cmu.edu.

Download at:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz

-- 
Kenneth Murchison
Systems Programmer
Carnegie Mellon University


More information about the Info-cyrus mailing list