diff --git a/SOURCES/cyrus-imapd-cve_2019_11356.patch b/SOURCES/cyrus-imapd-cve_2019_11356.patch
new file mode 100644
index 0000000..bfb3a48
--- /dev/null
+++ b/SOURCES/cyrus-imapd-cve_2019_11356.patch
@@ -0,0 +1,26 @@
+diff --git a/imap/httpd.c b/imap/httpd.c
+index dc53f8c..24b65e5 100644
+--- a/imap/httpd.c
++++ b/imap/httpd.c
+@@ -2202,7 +2202,7 @@ EXPORTED time_t calc_compile_time(const char *time, const char *date)
+ memset(&tm, 0, sizeof(struct tm));
+ tm.tm_isdst = -1;
+ sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
+- sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
++ sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
+ tm.tm_year -= 1900;
+ for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) {
+ if (!strcmp(month, monthname[tm.tm_mon])) break;
+diff --git a/imap/ical_support.c b/imap/ical_support.c
+index 1d7550a..e1bda50 100644
+--- a/imap/ical_support.c
++++ b/imap/ical_support.c
+@@ -458,7 +458,7 @@ const char *get_icalcomponent_errstr(icalcomponent *ical)
+
+ /* Check if this is an empty property error */
+ if (sscanf(errstr,
+- "No value for %s property", propname) == 1) {
++ "No value for %255s property", propname) == 1) {
+ /* Empty LOCATION is OK */
+ if (!strcasecmp(propname, "LOCATION")) continue;
+ if (!strcasecmp(propname, "COMMENT")) continue;
diff --git a/SPECS/cyrus-imapd.spec b/SPECS/cyrus-imapd.spec
index 76acc2a..d3a88d7 100644
--- a/SPECS/cyrus-imapd.spec
+++ b/SPECS/cyrus-imapd.spec
@@ -9,7 +9,7 @@ Name: cyrus-imapd
 Version: 3.0.7
-Release: 15%{?dist}
+Release: 15%{?dist}.1
 %define ssl_pem_file /etc/pki/%name/%name.pem
@@ -42,6 +42,7 @@ Patch4: cyrus-imapd-close_backup_on_failure.patch
 Patch5: cyrus-imapd-memory_leak_on_cleanup.patch
 Patch6: cyrus-imapd-memory_leak_on_cleanup_2.patch
 Patch7: cyrus-imapd-close_backup_fd_on_error.patch
+Patch8: cyrus-imapd-cve_2019_11356.patch
 Source10: cyrus-imapd.logrotate
 Source11: cyrus-imapd.pam-config
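Review bot: The new widths `%3s` and `%255s` in the embedded patch are hard-coded literals that are only safe while `month` holds at least 4 bytes and `propname` at least 256, and neither declaration is inside these hunks (both functions start and continue outside them), so the buffer sizes should be confirmed against the patched sources before this is relied on as the fix for the overrun named in the changelog. I would tie each width to its buffer with a comment at the declaration, e.g. `/* sized for the %255s in the sscanf() below, plus NUL */`, or a compile-time size assertion where the toolchain allows one, so a later resize cannot silently reintroduce the overflow. Separately, `calc_compile_time()` still ignores the result of `sscanf(date, ...)`, so a date string that fails to match would leave `month` unset before the `strcmp()` loop reads it, unless it is initialised at its declaration; comparing the return value with 3 would close that.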
@@ -55,6 +56,8 @@ Source17: cyrus-imapd.service
 Source18: cyrus-imapd-init.service
 Source19: cyrus-imapd.tmpfiles.conf
+
+
 # Source files for running the Cassandane test suite at build time.
 Source80: https://github.com/cyrusimap/cassandane/archive/%cocas.tar.gz#/cassandane-%{scmt %cocas}.tar.gz
@@ -672,6 +675,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
 %changelog
+* Fri Jun 7 2019 Pavel Zhukov - 3.0.7-15.1
+- Resolves: #1718194 - don't overrun buffer when parsing strings with sscanf()
+
 * Mon Oct 8 2018 Pavel Zhukov - 3.0.7-15
 - Related: #1602472 - Fix rpmdiff warnings