Rob Siemborski <[EMAIL PROTECTED]> writes: > This message is to announce the release of Cyrus IMSPd 1.6a4 and 1.7a on > ftp.andrew.cmu.edu > > These releases correct a recently discovered buffer overflow > vulnerability, as well as clean up a significant amount of buffer handling > throughout the code. I'd like to thank Cyrus Daboo for the time he spent > cleaning up a great deal of the code, and Felix Lindner of n.runs for > alerting us to the vulnerability. > > All sites are urged to upgrade as soon as possible. > > The distribution is available at: > > ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a4.tar.gz > ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7a.tar.gz > and > http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a4.tar.gz > http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7a.tar.gz
Do you have a patch for the vulnerability? -- Ted Cabeen http://www.pobox.com/~secabeen [EMAIL PROTECTED] Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] "I have taken all knowledge to be my province." -F. Bacon [EMAIL PROTECTED] "Human kind cannot bear very much reality."-T.S.Eliot [EMAIL PROTECTED]