{"id":"MGASA-2014-0389","summary":"Updated perl-Email-Address packages fix security vulnerabilities","details":"Updated perl-Email-Address package fixes security vulnerability:\n\nThe parse function in Email::Address module before 1.905 for Perl uses an\ninefficient regular expression, which allows remote attackers to cause a\ndenial of service (CPU consumption) via an empty quoted string in an RFC 2822\naddress (CVE-2014-0477).\n\nThe Email::Address module before 1.904 for Perl uses an inefficient regular\nexpression, which allows remote attackers to cause a denial of service (CPU\nconsumption) via vectors related to \"backtracking into the phrase\"\n(CVE-2014-4720).\n","modified":"2026-04-16T06:25:03.676897229Z","published":"2014-09-26T15:55:04Z","upstream":["CVE-2014-0477","CVE-2014-4720"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0389.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13541"},{"type":"WEB","url":"https://www.debian.org/security/2014/dsa-2969"}],"affected":[{"package":{"name":"perl-Email-Address","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/perl-Email-Address?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.905.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0389.json"}},{"package":{"name":"perl-Email-Address","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/perl-Email-Address?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.905.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0389.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}