On Wed, Mar 06, 2019 at 07:28:20PM -0700, Andrew Hewus Fresh wrote: > This updates p5-Email-Address which fixes a CVE, no other changes and no > apparent fallout in dependent ports. > > https://metacpan.org/changes/release/RJBS/Email-Address-1.912 > > Stuart, you're welcome to commit it if you want. > > The docs say: > > > Version 1.909 and earlier of this module had vulnerabilies > > (CVE-2015-7686) and (CVE-2015-12558) which allowed specially > > constructed email to cause a denial of service. The reported > > vulnerabilities and some other pathalogical cases (meaning they really > > shouldn't occur in normal email) have been addressed in version 1.910 > > and newer. If you're running version 1.909 or older, you should > > update! > > OK? Comments?
OK bluhm@ > Index: Makefile > =================================================================== > RCS file: /cvs/ports/mail/p5-Email-Address/Makefile,v > retrieving revision 1.14 > diff -u -p -r1.14 Makefile > --- Makefile 20 Jun 2018 16:17:56 -0000 1.14 > +++ Makefile 7 Mar 2019 02:26:00 -0000 > @@ -4,7 +4,7 @@ COMMENT= RFC 2822 address parsing and cr > > MODULES= cpan > PKG_ARCH= * > -DISTNAME= Email-Address-1.909 > +DISTNAME= Email-Address-1.912 > CATEGORIES= mail > > MAINTAINER= Stuart Henderson <[email protected]> > Index: distinfo > =================================================================== > RCS file: /cvs/ports/mail/p5-Email-Address/distinfo,v > retrieving revision 1.11 > diff -u -p -r1.11 distinfo > --- distinfo 20 Jun 2018 16:17:56 -0000 1.11 > +++ distinfo 7 Mar 2019 02:26:00 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (Email-Address-1.909.tar.gz) = > byxTJ1FxjrXjANKV+xhpXZUldH07ufLdcy5JA6g2/VA= > -SIZE (Email-Address-1.909.tar.gz) = 41490 > +SHA256 (Email-Address-1.912.tar.gz) = > D6N4UpjML2eA5j46X7HKgU3Lw2DOtZ7Y+oTrT/oG+e8= > +SIZE (Email-Address-1.912.tar.gz) = 42390
