FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
22b90fe6-258e-11e9-9c8d-6805ca0b3d42	p5-Email-Address-List -- DDoS related vulnerability Best PRactical Solutions reports: 0.06 2019-01-02 - Changes to address CVE-2018-18898 which could allow DDoS-type attacks. Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for contributing fixes. - Fix pathological backtracking for unkown regex - Fix pathological backtracking in obs-phrase(i.e. obs-display-name) - Fix pathological backtracking in cfws, quoted strings Discovery 2019-01-02 Entry 2019-01-31 p5-Email-Address-List < 0.06 https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes CVE-2018-18898
d1dfc4c7-8791-11e3-a371-6805ca0b3d42	rt42 -- denial-of-service attack via the email gateway The RT development team reports: Versions of RT between 4.2.0 and 4.2.2 (inclusive) are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability is assigned CVE-2014-1474. This vulnerability is caused by poor parsing performance in the Email::Address::List module, which RT depends on. We recommend that affected users upgrade their version of Email::Address::List to v0.02 or above, which resolves the issue. Due to a communications mishap, the release on CPAN will temporarily appear as "unauthorized," and the command-line cpan client will hence not install it. We expect this to be resolved shortly; in the meantime, the release is also available from our server. Discovery 2014-01-27 Entry 2014-01-27 rt42 >= 4.2 lt 4.2.1_3 >= 4.2.2 lt 4.2.2_2 p5-Email-Address-List < 0.02 CVE-2014-1474 http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html

VuXML ID

Description

22b90fe6-258e-11e9-9c8d-6805ca0b3d42

p5-Email-Address-List -- DDoS related vulnerability

Best PRactical Solutions reports:

 0.06 2019-01-02

 - Changes to address CVE-2018-18898 which could allow DDoS-type attacks.
   Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for
   contributing fixes.
   - Fix pathological backtracking for unkown regex
   - Fix pathological backtracking in obs-phrase(i.e. obs-display-name)
   - Fix pathological backtracking in cfws, quoted strings

Discovery 2019-01-02
Entry 2019-01-31
p5-Email-Address-List

< 0.06

https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes
CVE-2018-18898

d1dfc4c7-8791-11e3-a371-6805ca0b3d42

rt42 -- denial-of-service attack via the email gateway

The RT development team reports:

Versions of RT between 4.2.0 and 4.2.2 (inclusive) are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability is assigned CVE-2014-1474.

This vulnerability is caused by poor parsing performance in the Email::Address::List module, which RT depends on. We recommend that affected users upgrade their version of Email::Address::List to v0.02 or above, which resolves the issue. Due to a communications mishap, the release on CPAN will temporarily appear as "unauthorized," and the command-line cpan client will hence not install it. We expect this to be resolved shortly; in the meantime, the release is also available from our server.

Discovery 2014-01-27
Entry 2014-01-27
rt42

>= 4.2 lt 4.2.1_3

>= 4.2.2 lt 4.2.2_2

p5-Email-Address-List

< 0.02

CVE-2014-1474
http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html