[Git][security-tracker-team/security-tracker][master] Track CVE-2015-7686 and CVE-2018-12558 as adressed with upstream 1.910

Salvatore Bonaccorso carnil at debian.org
Thu Jan 3 05:22:28 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8329877 by Salvatore Bonaccorso at 2019-01-03T05:20:33Z
Track CVE-2015-7686 and CVE-2018-12558 as adressed with upstream 1.910

Upstream of Email::Adress considers the two CVEs are resolved, although
there might be more cases due to unterlying issue. We follow upstream
here and mark those two as fixed with the 1.912-1 upload to unstable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27836,7 +27836,7 @@ CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in
 	NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
 	NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
 CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 for Perl ...)
-	- libemail-address-perl <unfixed> (unimportant; bug #901873)
+	- libemail-address-perl 1.912-1 (unimportant; bug #901873)
 	NOTE: Possibility of DoS vs. usability issue for Email::Address
 	NOTE: https://github.com/Perl-Email-Project/Email-Address/issues/19
 	NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
@@ -148643,7 +148643,7 @@ CVE-2015-XXXX [Remotely triggerable buffer overflow in OpenSMTPD]
 CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote ...)
 	- opensmtpd 5.7.3p1-1 (bug #800787)
 CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
-	- libemail-address-perl <unfixed> (bug #868170; unimportant)
+	- libemail-address-perl 1.912-1 (bug #868170; unimportant)
 	[jessie] - libemail-address-perl <no-dsa> (Minor issue)
 	[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
 	[squeeze] - libemail-address-perl <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a832987757ed25c8f9ab0f2545ca3eef77117eaa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a832987757ed25c8f9ab0f2545ca3eef77117eaa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190103/b450fc64/attachment.html>


More information about the debian-security-tracker-commits mailing list