https://bugzilla.redhat.com/show_bug.cgi?id=1110723

Bug ID: 1110723
Summary: CVE-2014-0477 perl-Email-Address: Denial-of-Service in Email::Address::parse
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@xxxxxxxxxx
Reporter: vkaigoro@xxxxxxxxxx
CC: perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, rob.myers@xxxxxxxxxxxxxxx, tcallawa@xxxxxxxxxx

It was discovered [1] that there is a denial-of-service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation [2]. Email::Address::parse spends significant time parsing empty quoted strings, which RFC 2822 allows.

The suggested fix was applied upstream as [3], contained in new upstream version 1.905 [4], which contains additional commits to avoid slowdowns.

External References:

[1] http://seclists.org/oss-sec/2014/q2/563
[2] https://metacpan.org/release/Email-Address
[3] https://github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762c0c396251eb5
[4] https://github.com/rjbs/Email-Address/blob/master/Changes