Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

Bron Gondwana brong at
Thu Sep 10 00:51:15 EDT 2009

(un-CCed CERT, they don't care!)

On Wed, Sep 09, 2009 at 10:20:33PM +0200, Simon Matter wrote:
> > I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15.
> > These releases should both be considered production quality.  These
> > releases are being made at this time to fix the potential buffer
> > overflow vulnerability described in CERT VU#336053:
> >
> >
> > The 2.2.13p1 release is no different from 2.2.13 other than the buffer
> > overflow fix.  The 2.3.15 release contains several other non-critical
> > bugfixes and feature enhancements.  For full details, please see
> > doc/changes.html and doc/install-upgrade.html which are included in the
> > distribution.
> >
> > I'd personally like to thank Bron Gondwana of for finding
> > and fixing the buffer overflow, as well as his numerous other
> > contributions to the 2.3.15 release.
> Hello Cyrus IMAP team,
> Thanks for the new release. While upgrading our RPMs I found two small
> issues:
> 1) Old (ancient) GCC doesn't like some of the new code. A patch to fix the
> issue is attached.

Applied to my git tree - I'll push it back to CVS.  Thanks.

> 2) Old (ancient) zlib doesn't have the deflateBound() function. Looks like
> at least zlib >= 1.2.x is needed. Maybe the zlib detection could also
> check the version of the deflateBound() function?

It shouldn't be too hard to rewrite it to not use deflateBound() at all.
I'll have a look at that.

Who still has ancient zlib?  RH 7.3?
> For those interested, the package is available in the usual place

Cool :)  I don't actually have a redhat machine to test things on, but
it's good to have these packages out there.

Bron ( not everyone wants to be hand-building Cyrus all the time! )

More information about the Info-cyrus mailing list