[Secure-testing-commits] r37875 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Nov 24 20:27:58 UTC 2015
Author: carnil
Date: 2015-11-24 20:27:58 +0000 (Tue, 24 Nov 2015)
New Revision: 37875
Modified:
data/CVE/list
Log:
Mark CVE-2015-7686 as unimportant
Rationale: The default configuration in 1.908 mitigates this issue but
has some other drawbacks. There is no real solution for this algorithmic
complexity problem right now in Email::Address itself. The DoS issue
itself will not get a CVE but is fixed already.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-24 20:03:23 UTC (rev 37874)
+++ data/CVE/list 2015-11-24 20:27:58 UTC (rev 37875)
@@ -1905,7 +1905,7 @@
RESERVED
- opensmtpd 5.7.3p1-1 (bug #800787)
CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
- - libemail-address-perl <unfixed> (low)
+ - libemail-address-perl <unfixed> (unimportant)
[jessie] - libemail-address-perl <no-dsa> (Minor issue)
[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list