>>>>> "JB" == Josh Bressers <bressers@xxxxxxxxxx> writes: JB> The popsubfolders option seems to have been added after 2.3, FC5 JB> may be affected. Yes, I think so. The cyrus-imapd package is weird; CVS devel "branch" has an older version, while the built rawhide tree has the ".fc5" tagged version. Inspection of the code seems to indicate that 2.3.1 is indeed vulnerable; the responsible code in imap/pop3d.c seems to be unchanged between 2.3.1 and 2.3.2 (and 2.3.3, the latest version, so we'll have to dig up a patch). - J<
