Summary: | <dev-perl/Email-Address-List-0.60.0: Denial of service via parsing time complexity (CVE-2018-18898) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | kentnl, perl, titanofold |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-04-25 22:57:53 UTC
This seems to actually be a bug in Email-Address-List. Debian have tracked down the patches but 0.6 is fixed anyway. So, @maintainer(s), please cleanup =dev-perl/Email-Address-List-0.50.0. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5951fb95d5762ed1b84596148cdc3d441aac39f9 commit 5951fb95d5762ed1b84596148cdc3d441aac39f9 Author: Kent Fredric <kentnl@gentoo.org> AuthorDate: 2020-04-26 12:25:01 +0000 Commit: Kent Fredric <kentnl@gentoo.org> CommitDate: 2020-04-26 12:33:57 +0000 dev-perl/Email-Address-List: Security cleanup 0.50.0 re bug #719454 Removing versions affected by CVE-2018-18898 Bug: https://bugs.gentoo.org/719454 Bug: https://nvd.nist.gov/vuln/detail/CVE-2018-18898 Bug: https://www.cvedetails.com/cve/CVE-2018-18898/ Bug: https://docs.bestpractical.com/release-notes/rt/4.4.4 Package-Manager: Portage-2.3.97, Repoman-2.3.22 Signed-off-by: Kent Fredric <kentnl@gentoo.org> .../Email-Address-List-0.50.0.ebuild | 33 ---------------------- dev-perl/Email-Address-List/Manifest | 1 - 2 files changed, 34 deletions(-) Cleanup done, over to sec to finish this off :) (In reply to Kent Fredric (IRC: kent\n) from comment #3) > Cleanup done, over to sec to finish this off :) Thanks! |