An integer overflow vulnerability that emerged after applying partial fix for CVE-2015-8076 by commit https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 was found. Upstream patch: https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08 CVE assignment: http://seclists.org/oss-sec/2015/q4/223
Created cyrus-imapd tracking bugs for this issue: Affects: fedora-all [bug 1278375]
Statement: Not vulnerable. This issue did not affect the versions of cyrus-imapd as shipped with Red Hat Enterprise Linux 5, 6 and 7, as they did not include the patch to fix CVE-2015-8076, which introduced the CVE-2015-8077 issue.