CVE reported for Cyrus 3.0.0 - 3.0.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi All,

I have obtained CVE-2017-14230 for the crasher in Cyrus up to 3.0.3 where:

tag FIND "" "Other Users"

Would cause uninitialised memory to be written to a buffer which was then interpreted as an unbounded C string.  This bug is fixed in 3.0.4, and we recommend everybody upgrade.

Regards,

Bron.

--
  Bron Gondwana, CEO, FastMail Pty Ltd
  brong@xxxxxxxxxxxxxxxx


----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux