[Git][security-tracker-team/security-tracker][master] Track CVE-2015-7686 and CVE-2018-12558 as adressed with upstream 1.910
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 3 05:22:28 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8329877 by Salvatore Bonaccorso at 2019-01-03T05:20:33Z
Track CVE-2015-7686 and CVE-2018-12558 as adressed with upstream 1.910
Upstream of Email::Adress considers the two CVEs are resolved, although
there might be more cases due to unterlying issue. We follow upstream
here and mark those two as fixed with the 1.912-1 upload to unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27836,7 +27836,7 @@ CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in
NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 for Perl ...)
- - libemail-address-perl <unfixed> (unimportant; bug #901873)
+ - libemail-address-perl 1.912-1 (unimportant; bug #901873)
NOTE: Possibility of DoS vs. usability issue for Email::Address
NOTE: https://github.com/Perl-Email-Project/Email-Address/issues/19
NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
@@ -148643,7 +148643,7 @@ CVE-2015-XXXX [Remotely triggerable buffer overflow in OpenSMTPD]
CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote ...)
- opensmtpd 5.7.3p1-1 (bug #800787)
CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
- - libemail-address-perl <unfixed> (bug #868170; unimportant)
+ - libemail-address-perl 1.912-1 (bug #868170; unimportant)
[jessie] - libemail-address-perl <no-dsa> (Minor issue)
[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a832987757ed25c8f9ab0f2545ca3eef77117eaa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a832987757ed25c8f9ab0f2545ca3eef77117eaa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190103/b450fc64/attachment.html>
More information about the debian-security-tracker-commits
mailing list