"The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing."
This seems to actually be a bug in Email-Address-List. Debian have tracked down the patches but 0.6 is fixed anyway.
So, @maintainer(s), please cleanup =dev-perl/Email-Address-List-0.50.0.
The bug has been referenced in the following commit(s):
Author: Kent Fredric <email@example.com>
AuthorDate: 2020-04-26 12:25:01 +0000
Commit: Kent Fredric <firstname.lastname@example.org>
CommitDate: 2020-04-26 12:33:57 +0000
dev-perl/Email-Address-List: Security cleanup 0.50.0 re bug #719454
Removing versions affected by CVE-2018-18898
Package-Manager: Portage-2.3.97, Repoman-2.3.22
Signed-off-by: Kent Fredric <email@example.com>
.../Email-Address-List-0.50.0.ebuild | 33 ----------------------
dev-perl/Email-Address-List/Manifest | 1 -
2 files changed, 34 deletions(-)
Cleanup done, over to sec to finish this off :)
(In reply to Kent Fredric (IRC: kent\n) from comment #3)
> Cleanup done, over to sec to finish this off :)