Roberto C. Sanchez wrote: > * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying > during username canonicalization, enabling a heap buffer overflow before > any authentication or network traffic
Do you have a reference for this? The CVE isn't publicly allocated.
Did upstream tell you about it?
Cheers,
Moritz
