Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

Simon Matter simon.matter at
Wed Sep 9 16:20:33 EDT 2009

> I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15.
> These releases should both be considered production quality.  These
> releases are being made at this time to fix the potential buffer
> overflow vulnerability described in CERT VU#336053:
> The 2.2.13p1 release is no different from 2.2.13 other than the buffer
> overflow fix.  The 2.3.15 release contains several other non-critical
> bugfixes and feature enhancements.  For full details, please see
> doc/changes.html and doc/install-upgrade.html which are included in the
> distribution.
> I'd personally like to thank Bron Gondwana of for finding
> and fixing the buffer overflow, as well as his numerous other
> contributions to the 2.3.15 release.

Hello Cyrus IMAP team,

Thanks for the new release. While upgrading our RPMs I found two small

1) Old (ancient) GCC doesn't like some of the new code. A patch to fix the
issue is attached.

2) Old (ancient) zlib doesn't have the deflateBound() function. Looks like
at least zlib >= 1.2.x is needed. Maybe the zlib detection could also
check the version of the deflateBound() function?

For those interested, the package is available in the usual place

-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-imapd-2.3.15-oldgcc.patch
Type: text/x-patch
Size: 1744 bytes
Desc: not available
Url : 

More information about the Info-cyrus mailing list