Author: carnil Date: 2015-10-03 04:06:02 +0000 (Sat, 03 Oct 2015) New Revision: 36972
Modified: data/CVE/list Log: Update entries for libemail-address-perl Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-10-03 03:53:32 UTC (rev 36971) +++ data/CVE/list 2015-10-03 04:06:02 UTC (rev 36972) @@ -1,3 +1,10 @@ +CVE-2015-7686 [Algorithmic Complexity issue] + - libemail-address-perl <unfixed> (low) + [jessie] - libemail-address-perl <no-dsa> (Minor issue) + [wheezy] - libemail-address-perl <no-dsa> (Minor issue) + [squeeze] - libemail-address-perl <no-dsa> (Minor issue) + NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13 + NOTE: Possibility of DoS vs. usability issue for Email::Address CVE-2015-7671 RESERVED CVE-2015-7670 @@ -662,12 +669,17 @@ RESERVED CVE-2015-XXXX [DoS] - libemail-address-perl 1.908-1 + [jessie] - libemail-address-perl <no-dsa> (Minor issue vs. usability of impact module) + [wheezy] - libemail-address-perl <no-dsa> (Minor issue vs. usability impact of module) [squeeze] - libemail-address-perl 1.889-2+deb6u2 NOTE: workaround entry for DLA-320-1 until/if CVE assigned - NOTE: as of 1.908 as mitigation default value for nestable - NOTE: comments set to deep level 1. + NOTE: For the denial of service issue as of 1.908 as mitigation default value + NOTE: for nestable comments set to deep level 1. NOTE: https://github.com/rjbs/Email-Address/commit/3056b7da4fffbce9ad92f9799fffc587ab40303d - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/27/1 + NOTE: No CVE will be assigned for behaviour change between 1.907 and 1.908 + NOTE: See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic Complexity") + NOTE: issue still present in 1.908 + NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13 CVE-2015-7359 RESERVED CVE-2015-7358 _______________________________________________ Secure-testing-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
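Review bot: In the first hunk, the new CVE-2015-7686 entry is marked `<unfixed>` but has no pointer to the partial mitigation that the second hunk documents (default depth for nestable comments set to 1 as of 1.908, tracked under the CVE-2015-XXXX workaround entry for DLA-320-1). The cross-reference only runs one way, from the workaround entry to CVE-2015-7686. Consider adding a NOTE here that names the 1.908 mitigation or the upstream commit, so that someone triaging CVE-2015-7686 on its own can see what is already in place. The closing NOTE, "Possibility of DoS vs. usability issue for Email::Address", is also too terse to explain the no-dsa decision; stating that this is the CWE-407 issue, as the second hunk does, would help.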
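Review bot: In the second hunk, the two added no-dsa lines disagree in wording: jessie reads "(Minor issue vs. usability of impact module)" while wheezy reads "(Minor issue vs. usability impact of module)". The jessie line looks transposed and should match wheezy. The hunk also drops the NOTE "CVE Request: http://www.openwall.com/lists/oss-security/2015/09/27/1"; keeping it next to the new 2015/10/02/13 link would preserve the history behind the decision not to assign a CVE for the behaviour change between 1.907 and 1.908. The unchanged NOTE "workaround entry for DLA-320-1 until/if CVE assigned" now sits above notes saying no CVE will be assigned for this entry, so it may need rewording to match.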

