Cyrus IMAPd 2.2.13p1 & 2.3.15 Released
brong at fastmail.fm
Thu Sep 10 00:51:15 EDT 2009
(un-CCed CERT, they don't care!)
On Wed, Sep 09, 2009 at 10:20:33PM +0200, Simon Matter wrote:
> > I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15.
> > These releases should both be considered production quality. These
> > releases are being made at this time to fix the potential buffer
> > overflow vulnerability described in CERT VU#336053:
> > http://www.kb.cert.org/vuls/id/336053
> > The 2.2.13p1 release is no different from 2.2.13 other than the buffer
> > overflow fix. The 2.3.15 release contains several other non-critical
> > bugfixes and feature enhancements. For full details, please see
> > doc/changes.html and doc/install-upgrade.html which are included in the
> > distribution.
> > I'd personally like to thank Bron Gondwana of Fastmail.fm for finding
> > and fixing the buffer overflow, as well as his numerous other
> > contributions to the 2.3.15 release.
> Hello Cyrus IMAP team,
> Thanks for the new release. While upgrading our RPMs I found two small
> 1) Old (ancient) GCC doesn't like some of the new code. A patch to fix the
> issue is attached.
Applied to my git tree - I'll push it back to CVS. Thanks.
> 2) Old (ancient) zlib doesn't have the deflateBound() function. Looks like
> at least zlib >= 1.2.x is needed. Maybe the zlib detection could also
> check the version of the deflateBound() function?
It shouldn't be too hard to rewrite it to not use deflateBound() at all.
I'll have a look at that.
Who still has ancient zlib? RH 7.3?
> For those interested, the package is available in the usual place
Cool :) I don't actually have a redhat machine to test things on, but
it's good to have these packages out there.
Bron ( not everyone wants to be hand-building Cyrus all the time! )