[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2015-7686 and CVE-2018-12558 upstream mitigation
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 26 07:49:15 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad6b5c05 by Salvatore Bonaccorso at 2018-12-26T07:44:08Z
Add reference for CVE-2015-7686 and CVE-2018-12558 upstream mitigation
From the upstream commit:
> Subject: [PATCH] avoid unnecessary backtrackings
>
> Backtracking could cause serious exponential performance issues, luckily
> that we can avoid it here as BNF of email address is not ambiguous.
>
> This fixes CVE-2015-7686 under various $COMMENT_NEST_LEVEL and also
> CVE-2018-12558
The commit is included in v1.910 upstream.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26882,6 +26882,7 @@ CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 fo
- libemail-address-perl <unfixed> (unimportant; bug #901873)
NOTE: Possibility of DoS vs. usability issue for Email::Address
NOTE: https://github.com/Perl-Email-Project/Email-Address/issues/19
+ NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes become ...)
- zuul <itp> (bug #705844)
CVE-2018-12556
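Review bot: The added NOTE in the CVE-2018-12558 entry gives only the commit URL and does not record which upstream release carries it. The commit message says the commit is included in v1.910, while the CVE description covers Email::Address "through 1.909" and the package line stays at <unfixed>. Putting the version in the note itself (for example, appending "(v1.910)" after the URL) would let anyone triaging the entry compare packaged versions without opening the upstream commit.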
@@ -147700,6 +147701,7 @@ CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
NOTE: Possibility of DoS vs. usability issue for Email::Address
+ NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
CVE-2015-7671
RESERVED
CVE-2015-7670 (Multiple SQL injection vulnerabilities in includes/update.php in the ...)
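Review bot: The added NOTE in the CVE-2015-7686 entry labels the commit a plain "Mitigation", but the quoted upstream message qualifies it as fixing CVE-2015-7686 "under various $COMMENT_NEST_LEVEL". Carrying that qualifier into the note, along with the v1.910 release named in the commit message, would make the scope of the mitigation clear from the tracker entry alone. The same URL is now duplicated across two entries, so both notes should be updated together if the reference ever changes.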
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad6b5c05356647a2fe3232eafc28b804e45c45cb