diff -up cyrus-imapd-2.3.15/sieve/bc_eval.c.bufov cyrus-imapd-2.3.15/sieve/bc_eval.c
--- cyrus-imapd-2.3.15/sieve/bc_eval.c.bufov 2009-03-31 06:11:30.000000000 +0200
+++ cyrus-imapd-2.3.15/sieve/bc_eval.c 2009-09-18 15:05:29.187990786 +0200
@@ -500,7 +500,7 @@ static int eval_bc_test(sieve_interp_t *
 int comparator=ntohl(bc[i+3].value);
 int apart=ntohl(bc[i+4].value);
 int count=0;
- char scount[3];
+ char scount[21];
 int isReg = (match==B_REGEX);
 int ctag = 0;
 regex_t *reg;
@@ -669,7 +669,7 @@ static int eval_bc_test(sieve_interp_t *
 int relation=ntohl(bc[i+2].value);
 int comparator=ntohl(bc[i+3].value);
 int count=0;
- char scount[3];
+ char scount[21];
 int isReg = (match==B_REGEX);
 int ctag = 0;
 regex_t *reg;
@@ -790,7 +790,7 @@ static int eval_bc_test(sieve_interp_t *
 int transform=ntohl(bc[i+4].value);
 /* ntohl(bc[i+5].value) is the now unused 'offset' */
 int count=0;
- char scount[3];
+ char scount[21];
 int isReg = (match==B_REGEX);
 int ctag = 0;
 regex_t *reg;
diff -up cyrus-imapd-2.3.15/sieve/script.c.bufov cyrus-imapd-2.3.15/sieve/script.c
--- cyrus-imapd-2.3.15/sieve/script.c.bufov 2009-09-02 15:56:18.000000000 +0200
+++ cyrus-imapd-2.3.15/sieve/script.c 2009-09-18 15:04:00.728927938 +0200
@@ -668,9 +668,9 @@ static int do_sieve_error(int ret,
 if ((ret != SIEVE_OK) && interp->err) {
 char buf[1024];
 if (lastaction == -1) /* we never executed an action */
- sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
+ snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
 else
- sprintf(buf, "%s: %s", action_to_string(lastaction),
+ snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
 errmsg ? errmsg : sieve_errstr(ret));
 
 ret |= interp->execute_err(buf, interp->interp_context,
diff -up cyrus-imapd-2.3.15/sieve/sieve.y.bufov cyrus-imapd-2.3.15/sieve/sieve.y
--- cyrus-imapd-2.3.15/sieve/sieve.y.bufov 2009-03-26 00:58:54.000000000 +0100
+++ cyrus-imapd-2.3.15/sieve/sieve.y 2009-09-18 15:04:00.734928038 +0200
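Review bot: The three `char scount[21];` declarations in eval_bc_test (the hunks at -500, -669 and -790 of bc_eval.c) fix the overflow only by making the buffer large enough, and the statement that formats `count` into `scount` is outside every one of these hunks, so whether that write is length-bounded cannot be confirmed from the diff. Twenty-one bytes holds any 64-bit decimal value plus the terminator, so the size is ample for an `int` counter, but the bare literal is repeated three times with no explanation. I would name it once, e.g. `#define SCOUNT_SIZE 21 /* 20 decimal digits + NUL */`, declare `char scount[SCOUNT_SIZE];` in all three places, and have the write site pass `sizeof(scount)` to a bounded formatter so a later type change cannot reintroduce the overflow.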
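Review bot: Both new `snprintf(buf, sizeof(buf), ...)` calls in do_sieve_error (script.c, hunk at -668) discard the return value, so an `errmsg` longer than the 1024-byte `buf` is now cut off silently before `buf` is handed to `interp->execute_err`. Truncation is a reasonable outcome for an error string, but it should be stated rather than implied; a comment above the `if (lastaction == -1)` such as `/* messages longer than sizeof(buf) are truncated on purpose */` would do. The if/else bodies are also unbraced while the second call spans two lines, which is easy to break in a later edit. The function begins and ends outside this hunk, so where `errmsg` comes from is not visible here.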
@@ -1159,7 +1159,7 @@ static int verify_relat(char *r)
 else if (!strcmp(r, "ne")) {return NE;}
 else if (!strcmp(r, "eq")) {return EQ;}
 else{
- sprintf(errbuf, "flag '%s': not a valid relational operation", r);
+ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
 yyerror(errbuf);
 return -1;
 }
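Review bot: `sizeof(errbuf)` in verify_relat bounds the write only if `errbuf` is a true array visible at this point; its declaration is outside the hunk, and if it were a `char *` or a parameter the bound would be the pointer size and the message would be cut to a few bytes. Please confirm the declaration, or pass the same named size constant the declaration uses. The hunk converts only this one call, so it is also worth checking whether other functions in sieve.y still format script-supplied strings into `errbuf` with `sprintf`; if they do, they need the same change. The start of verify_relat is outside the hunk.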