diff -Nru curl-7.47.0/debian/changelog curl-7.47.0/debian/changelog
--- curl-7.47.0/debian/changelog 2017-10-04 12:57:15.000000000 +0000
+++ curl-7.47.0/debian/changelog 2017-10-17 17:53:46.000000000 +0000
@@ -1,3 +1,11 @@
+curl (7.47.0-1ubuntu2.4) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: IMAP FETCH response out of bounds read
+ - debian/patches/CVE-2017-1000257.patch: check size in lib/imap.c.
+ - CVE-2017-1000257
+
+ -- Marc Deslauriers Tue, 17 Oct 2017 13:53:46 -0400
+
 curl (7.47.0-1ubuntu2.3) xenial-security; urgency=medium
 
 * SECURITY UPDATE: printf floating point buffer overflow
diff -Nru curl-7.47.0/debian/patches/CVE-2017-1000257.patch curl-7.47.0/debian/patches/CVE-2017-1000257.patch
--- curl-7.47.0/debian/patches/CVE-2017-1000257.patch 1970-01-01 00:00:00.000000000 +0000
+++ curl-7.47.0/debian/patches/CVE-2017-1000257.patch 2017-10-17 17:53:44.000000000 +0000
@@ -0,0 +1,26 @@
+From 2d119e90f8669e3c358468298941f48c15253f97 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sat, 7 Oct 2017 00:11:31 +0200
+Subject: [PATCH] imap: if a FETCH response has no size, don't call write
+ callback
+
+---
+ lib/imap.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: curl-7.47.0/lib/imap.c
+===================================================================
+--- curl-7.47.0.orig/lib/imap.c 2017-10-17 13:53:39.420208253 -0400
++++ curl-7.47.0/lib/imap.c 2017-10-17 13:53:39.420208253 -0400
+@@ -1136,6 +1136,11 @@ static CURLcode imap_state_fetch_resp(st
+ /* The conversion from curl_off_t to size_t is always fine here */
+ chunk = (size_t)size;
+
++ if(!chunk) {
++ /* no size, we're done with the data */
++ state(conn, IMAP_STOP);
++ return CURLE_OK;
++ }
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk);
+ if(result)
+ return result;
diff -Nru curl-7.47.0/debian/patches/series curl-7.47.0/debian/patches/series
--- curl-7.47.0/debian/patches/series 2017-10-04 12:52:36.000000000 +0000
+++ curl-7.47.0/debian/patches/series 2017-10-17 18:23:53.000000000 +0000
@@ -25,6 +25,7 @@
 CVE-2017-1000254.patch
 CVE-2017-7407-1.patch
 CVE-2017-7407-2.patch
+CVE-2017-1000257.patch
 # do not add patches below
 90_gnutls.patch
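Review bot: The comment in the new `if(!chunk)` branch of imap_state_fetch_resp (the lib/imap.c hunk carried in CVE-2017-1000257.patch) says only "no size, we're done with the data" and does not record why a zero length must never reach Curl_client_write, which is the security-relevant part of a fix the changelog describes as an out-of-bounds read. As far as I know, Curl_client_write in this curl version treats a length of 0 as a request to measure the buffer with strlen(), and pp->cache is not guaranteed to be NUL-terminated; if that holds, I would spell it out: `/* a zero-size literal must not reach Curl_client_write(): len 0 means strlen(ptr) there and pp->cache is not NUL-terminated */`. The early return also skips everything after the write call, and that part of the function lies outside the hunk, so it is worth confirming that leaving pp->cache untouched on this path is intended. The patch changes only lib/imap.c (1 file changed, 5 insertions), so a regression test that serves a FETCH response with a zero-size literal would keep the check from being dropped in a later refactor.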