svn commit: r491756 - head/security/vuxml
Matthew Seaman
matthew at FreeBSD.org
Thu Jan 31 19:36:18 UTC 2019
Author: matthew
Date: Thu Jan 31 19:36:16 2019
New Revision: 491756
URL: https://svnweb.freebsd.org/changeset/ports/491756
Log:
Document vulnerability addressed by release 0.06 of p5-Email-Address-List
Unfortunately there is very little real description of the
vulnerability available, other than what is in the changelog. Even
the CVE number only leads to a page saying the number is reserved.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jan 31 19:34:22 2019 (r491755)
+++ head/security/vuxml/vuln.xml Thu Jan 31 19:36:16 2019 (r491756)
@@ -58,6 +58,41 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="22b90fe6-258e-11e9-9c8d-6805ca0b3d42">
+ <topic>p5-Email-Address-List -- DDoS related vulnerability</topic>
+ <affects>
+ <package>
+ <name>p5-Email-Address-List</name>
+ <range><lt>0.06</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Best PRactical Solutions reports:</p>
+ <blockquote cite="https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes">
+ <pre>
+ 0.06 2019-01-02
+
+ - Changes to address CVE-2018-18898 which could allow DDoS-type attacks.
+ Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for
+ contributing fixes.
+ - Fix pathological backtracking for unkown regex
+ - Fix pathological backtracking in obs-phrase(i.e. obs-display-name)
+ - Fix pathological backtracking in cfws, quoted strings
+ </pre>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes</url>
+ <cvename>CVE-2018-18898</cvename>
+ </references>
+ <dates>
+ <discovery>2019-01-02</discovery>
+ <entry>2019-01-31</entry>
+ </dates>
+ </vuln>
+
<vuln vid="467b7cbe-257d-11e9-8573-001b217b3468">
<topic>Gitlab -- Multiple vulnerabilities</topic>
<affects>
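Review bot: The attribution paragraph in the new entry's `<body>` reads "Best PRactical Solutions", which has a capitalization typo and should be "Best Practical Solutions". The `<topic>` says "DDoS related vulnerability", but the three changelog items quoted in the `<pre>` all describe pathological regex backtracking. A topic such as "p5-Email-Address-List -- denial of service via regular expression backtracking" would tell readers of the entry what the problem actually is. The `<discovery>` value 2019-01-02 is the 0.06 release date from the changelog, while the CVE id was allocated in 2018, so use an earlier discovery date if one is known. The "unkown" in the quoted changelog should stay only if it matches the upstream Changes file verbatim.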