I'd like to announce the release of Cyrus SASL 2.1.23 on
ftp.andrew.cmu.edu. This version includes a fix for a potential buffer
overflow in sasl_encode64() (see http://www.kb.cert.org/vuls/id/238019),
otherwise it is identical to 2.1.22. Please note that while this fixes
vulnerable code, non-vulnerable code may break if the buffer passed to
sasl_encode64() is the exact size of the encoded data and doesn't
include space for the trailing NUL.
Please send any feedback either to cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
(public list) or to cyrus-bugs@xxxxxxxxxxxxxxx
Download at:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz
--
Kenneth Murchison
Systems Programmer
Carnegie Mellon University