Cyrus SASL 2.1.23 Released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'd like to announce the release of Cyrus SASL 2.1.23 on ftp.andrew.cmu.edu. This version includes a fix for a potential buffer overflow in sasl_encode64() (see http://www.kb.cert.org/vuls/id/238019), otherwise it is identical to 2.1.22. Please note that while this fixes vulnerable code, non-vulnerable code may break if the buffer passed to sasl_encode64() is the exact size of the encoded data and doesn't include space for the trailing NUL.

Please send any feedback either to cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
(public list) or to cyrus-bugs@xxxxxxxxxxxxxxx

Download at:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz

--
Kenneth Murchison
Systems Programmer
Carnegie Mellon University

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux