I'd like to announce the release of Cyrus SASL 2.1.23 on ftp.andrew.cmu.edu. This version includes a fix for a potential buffer overflow in sasl_encode64() (see http://www.kb.cert.org/vuls/id/238019), otherwise it is identical to 2.1.22. Please note that while this fixes vulnerable code, non-vulnerable code may break if the buffer passed to sasl_encode64() is the exact size of the encoded data and doesn't include space for the trailing NUL. Please send any feedback either to cyrus-sasl@xxxxxxxxxxxxxxxxxxxx (public list) or to cyrus-bugs@xxxxxxxxxxxxxxx Download at: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz -- Kenneth Murchison Systems Programmer Carnegie Mellon University ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
