Package: ruby-mail Severity: important Tags: upstream, security Messages with too many tiny MIME parts can OOM on split().
Messages with many nested MIME parts can also OOM (not sure about recursion). Upstream is responsive and working on a fix. Small messages can generate these, since the a boundary only needs to be 4 bytes "--a\n" and the header+body of each part can just be 4 bytes "x:y\n\n", too. Ruby needs 40 bytes to represent a 4 byte string on 64-bit: This affects many other MIME parsers, too.