Summary: | <dev-perl/Email-Address-1.912.0: Denial of Service (CVE-2018-12558) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | kfm |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | perl |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2018/q2/211 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: |
dev-perl/Email-Address-1.912.0
|
Runtime testing required: | --- |
Description
kfm
2018-06-20 12:13:33 UTC
Note that any applications that are reverse dependencies of Email::Address would ideally be modified to use Email::Address::XS instead. There is virtually no prospect of this issue being resolved in Email::Address. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=881118bfa7e587e634c5568c71b2251cc78665a4 commit 881118bfa7e587e634c5568c71b2251cc78665a4 Author: Kent Fredric <kentnl@gentoo.org> AuthorDate: 2019-07-10 14:17:30 +0000 Commit: Kent Fredric <kentnl@gentoo.org> CommitDate: 2019-07-10 14:17:30 +0000 dev-perl/Email-Address: Bump to version 1.912.0 re bug #658562 Upstream: - Add mitigation for DoS via pathologically constructed email addresses in CVE-2015-7686 and CVE-2015-12558 Bug: https://bugs.gentoo.org/658562 Bug: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686 Bug: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12558 Package-Manager: Portage-2.3.66, Repoman-2.3.16 Signed-off-by: Kent Fredric <kentnl@gentoo.org> .../Email-Address/Email-Address-1.912.0.ebuild | 25 ++++++++++++++++++++++ dev-perl/Email-Address/Manifest | 1 + 2 files changed, 26 insertions(+) Arches please stabilize dev-perl/Email-Address-1.912.0 ppc stable amd64 stable ppc64 stable sparc stable ia64 stable x86 stable alpha stable all arches stable @maintainer(s), please cleanup by dropping vulnerable version 1.908.0. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78387a9ee6c848dab80b93b5475dc1e18228ab31 commit 78387a9ee6c848dab80b93b5475dc1e18228ab31 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-26 19:10:54 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-26 19:10:54 +0000 dev-perl/Email-Address: security cleanup (bug #658562) Bug: https://bugs.gentoo.org/658562 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> .../Email-Address/Email-Address-1.908.0.ebuild | 25 ---------------------- dev-perl/Email-Address/Manifest | 1 - 2 files changed, 26 deletions(-) GLSA Vote: No Repository is clean, all done! |