An integer overflow vulnerability that emerged after applying partial fix for CVE-2015-8076 by commit https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b was found. Upstream patch: https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2 CVE assignment: http://seclists.org/oss-sec/2015/q4/223
Created cyrus-imapd tracking bugs for this issue: Affects: fedora-all [bug 1278381]
Statement: Not vulnerable. This issue did not affect the versions of cyrus-imapd as shipped with Red Hat Enterprise Linux 5, 6 and 7, as they did not include the patch to fix CVE-2015-8076, which introduced the CVE-2015-8078 issue.