Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad6b5c05 by Salvatore Bonaccorso at 2018-12-26T07:44:08Z
Add reference for CVE-2015-7686 and CVE-2018-12558 upstream mitigation

From the upstream commit:

        > Subject: [PATCH] avoid unnecessary backtrackings
        >
        > Backtracking could cause serious exponential performance issues, luckily
        > that we can avoid it here as BNF of email address is not ambiguous.
        >
        > This fixes CVE-2015-7686 under various $COMMENT_NEST_LEVEL and also
        > CVE-2018-12558

The commit is included in v1.910 upstream.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26882,6 +26882,7 @@ CVE-2018-12558 (The parse() method in the 
Email::Address module through 1.909 fo
        - libemail-address-perl <unfixed> (unimportant; bug #901873)
        NOTE: Possibility of DoS vs. usability issue for Email::Address
        NOTE: https://github.com/Perl-Email-Project/Email-Address/issues/19
+       NOTE: Mitigation: 
https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
 CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes 
become ...)
        - zuul <itp> (bug #705844)
 CVE-2018-12556
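Review bot: the added NOTE under CVE-2018-12558 gives only the commit URL, while the status line above it still reads "- libemail-address-perl <unfixed> (unimportant; bug #901873)". The commit message says the upstream commit is included in v1.910; putting that version in the note (for example "NOTE: Mitigation (in v1.910): ...") would let a reader of data/CVE/list see which upstream release carries it without going to the commit log. It is also worth checking whether <unfixed> should stay as it is once that version is packaged.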
@@ -147700,6 +147701,7 @@ CVE-2015-7686 (Algorithmic complexity vulnerability 
in Address.pm in the ...)
        [squeeze] - libemail-address-perl <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
        NOTE: Possibility of DoS vs. usability issue for Email::Address
+       NOTE: Mitigation: 
https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
 CVE-2015-7671
        RESERVED
 CVE-2015-7670 (Multiple SQL injection vulnerabilities in includes/update.php 
in the ...)
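Review bot: in the CVE-2015-7686 entry the new NOTE labels the commit a "Mitigation" without the qualifier that the quoted upstream message gives, namely that it fixes the issue "under various $COMMENT_NEST_LEVEL". A few words on scope in the note, or a second NOTE line quoting that phrase, would make clear what the label is based on; the existing "Possibility of DoS vs. usability issue" line just above does not say it.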



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad6b5c05356647a2fe3232eafc28b804e45c45cb

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
