=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN373
_____________________________________________________________________

DATE                      : 15/09/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Cyrus IMAPd.

======================================================================
http://lists.andrew.cmu.edu/pipermail/cyrus-announce/2009-September/000068.html
______________________________________________________________________

I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15.
These releases should both be considered production quality.  These
releases are being made at this time to fix the potential buffer
overflow vulnerability described in CERT VU#336053:
http://www.kb.cert.org/vuls/id/336053

The 2.2.13p1 release is no different from 2.2.13 other than the buffer
overflow fix.  The 2.3.15 release contains several other non-critical
bugfixes and feature enhancements.  For full details, please see
doc/changes.html and doc/install-upgrade.html which are included in the
distribution.

I'd personally like to thank Bron Gondwana of Fastmail.fm for finding
and fixing the buffer overflow, as well as his numerous other
contributions to the 2.3.15 release.

URLs for these releases:
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.13p1.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.15.tar.gz
or
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.13p1.tar.gz
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.15.tar.gz


Questions and comments can be directed to
info-cyrus at lists.andrew.cmu.edu (public list), or cyrus-bugs at andrew.cmu.edu.

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================