Bug#960158: libemail-mime-contenttype-perl: denial-of-service via OOM
perl email user
p5p at yhbt.net
Sat Nov 7 01:25:37 GMT 2020
gregor herrmann <gregoa at debian.org> wrote:
> On Sun, 10 May 2020 02:25:42 +0000, perl email user wrote:
>
> > It's possible to easily craft a message which triggers
> > out-of-memory error.
> >
> > Upstream has been notified and working on the issue.
>
> Mhm. Not a lot of information in this bug report :)
Sorry, I didn't want to provide info that could be used to
aid attackers.
Upstream and security at debian.org are aware of the problem
but have not yet acted.
If you have access to security at debian.org archives, see
<20201025102450.byceuhbphom4gnkj at pali> for fix + discussion.
> Anyway, 1.024-1 has been uploaded. Do you happen to know if this
> changes anything?
Nope. Fwiw, I'm burned out from life + pandemic and
pali at cpan.org has been trying to work with upstream on this.
Anyways thanks for your response and all you do for Debian!
More information about the pkg-perl-maintainers
mailing list