[Secure-testing-commits] r36972 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Oct 3 04:06:02 UTC 2015


Author: carnil
Date: 2015-10-03 04:06:02 +0000 (Sat, 03 Oct 2015)
New Revision: 36972

Modified:
   data/CVE/list
Log:
Update entries for libemail-address-perl

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-03 03:53:32 UTC (rev 36971)
+++ data/CVE/list	2015-10-03 04:06:02 UTC (rev 36972)
@@ -1,3 +1,10 @@
+CVE-2015-7686 [Algorithmic Complexity issue]
+	- libemail-address-perl <unfixed> (low)
+	[jessie] - libemail-address-perl <no-dsa> (Minor issue)
+	[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
+	[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
+	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
+	NOTE: Possibility of DoS vs. usability issue for Email::Address
 CVE-2015-7671
 	RESERVED
 CVE-2015-7670
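Review bot: The new CVE-2015-7686 entry has no pointer back to the CVE-2015-XXXX workaround entry for DLA-320-1, and its three release lines give only "(Minor issue)" as the reason. A reader landing here cannot tell that squeeze already carries 1.889-2+deb6u2, or that 1.908 changed the default for nestable comments as a mitigation. Consider adding a NOTE that references the workaround entry and says the underlying algorithmic complexity issue remains, so the "<unfixed> (low)" status and the "<no-dsa>" decisions can be understood without opening the oss-security thread.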
@@ -662,12 +669,17 @@
 	RESERVED
 CVE-2015-XXXX [DoS]
 	- libemail-address-perl 1.908-1
+	[jessie] - libemail-address-perl <no-dsa> (Minor issue vs. usability of impact module)
+	[wheezy] - libemail-address-perl <no-dsa> (Minor issue vs. usability impact of module)
 	[squeeze] - libemail-address-perl 1.889-2+deb6u2
 	NOTE: workaround entry for DLA-320-1 until/if CVE assigned
-	NOTE: as of 1.908 as mitigation default value for nestable
-	NOTE: comments set to deep level 1.
+	NOTE: For the denial of service issue as of 1.908 as mitigation default value
+	NOTE: for nestable comments set to deep level 1.
 	NOTE: https://github.com/rjbs/Email-Address/commit/3056b7da4fffbce9ad92f9799fffc587ab40303d
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/27/1
+	NOTE: No CVE will be assigned for behaviour change between 1.907 and 1.908
+	NOTE: See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic Complexity")
+	NOTE: issue still present in 1.908
+	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
 CVE-2015-7359
 	RESERVED
 CVE-2015-7358
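Review bot: The two added "<no-dsa>" reasons differ in word order: the [jessie] line reads "usability of impact module" and the [wheezy] line reads "usability impact of module". The jessie wording looks transposed, so both lines should carry the same text. The rewrapped NOTE pair "For the denial of service issue as of 1.908 as mitigation default value" / "for nestable comments set to deep level 1." is also hard to parse. Stating the mitigation in one clause, for example that as of 1.908 the default depth for nestable comments is 1, would read more clearly and sit better next to the new "issue still present in 1.908" NOTE.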



