Source: cyrus-imapd-2.4 Version: 2.4.17+nocaldav-2 Severity: important Tags: security upstream patch fixed-upstream
Hi, the following vulnerabilities were published for cyrus-imapd-2.4. CVE-2015-8077[0]: | integer overflow in the start_octet addition after the | 07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 fix CVE-2015-8078[1]: | integer overflow in the section_offset addition after the | c21e179c1f6b968fe69bebe079176714e511587b fix If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. Both basically are due to incomplete fix of CVE-2015-8076, so technically wheezy and jessie are not affected by CVE-2015-8077 and CVE-2015-8078 but the fix for CVE-2015-8076 would need to be completed including these patches. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-8077 https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08 [1] https://security-tracker.debian.org/tracker/CVE-2015-8078 https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2 Regards, Salvatore
