This is an automated email from the git hooks/post-receive script. carnil pushed a commit to branch wheezy in repository libemail-address-perl.
commit 8153c2fcaad02911a32909496c98221387d55ad9 Author: Salvatore Bonaccorso <car...@debian.org> Date: Wed Jun 25 22:20:39 2014 +0200 Add 0008-quoted-part-can-be-empty.patch patch CVE-2014-0477: Fix denial of service vulnerability in the way how Email::Address::parse parses empty quoted string, as allowed by RFC 2822. --- debian/patches/0008-quoted-part-can-be-empty.patch | 25 ++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 26 insertions(+) diff --git a/debian/patches/0008-quoted-part-can-be-empty.patch b/debian/patches/0008-quoted-part-can-be-empty.patch new file mode 100644 index 0000000..bdd4b04 --- /dev/null +++ b/debian/patches/0008-quoted-part-can-be-empty.patch @@ -0,0 +1,25 @@ +From 83f8306117115729ac9346523762c0c396251eb5 Mon Sep 17 00:00:00 2001 +From: Ricardo Signes <r...@cpan.org> +Date: Tue, 17 Jun 2014 22:48:03 -0400 +Subject: [PATCH 8/8] quoted part can be empty + +--- + lib/Email/Address.pm | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/Email/Address.pm b/lib/Email/Address.pm +index acece12..1e0feb8 100644 +--- a/lib/Email/Address.pm ++++ b/lib/Email/Address.pm +@@ -51,7 +51,7 @@ my $dot_atom = qr/$cfws*$dot_atom_text$cfws*/; + + my $qtext = qr/[^\\"]/; + my $qcontent = qr/$qtext|$quoted_pair/; +-my $quoted_string = qr/$cfws*"$qcontent+"$cfws*/; ++my $quoted_string = qr/$cfws*"$qcontent*"$cfws*/; + + my $word = qr/$atom|$quoted_string/; + +-- +2.0.0 + diff --git a/debian/patches/series b/debian/patches/series index 5299247..2b89011 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ spelling.patch +0008-quoted-part-can-be-empty.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libemail-address-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits