Candidate: CVE-2015-7686 PublicDate: 2015-10-06 01:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686 http://www.openwall.com/lists/oss-security/2015/10/02/13 http://www.openwall.com/lists/oss-security/2015/09/27/1 Description: Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments. Ubuntu-Description: Notes: Bugs: Priority: low Discovered-by: Assigned-to: CVSS: Patches_libemail-address-perl: upstream_libemail-address-perl: released (1.912-1) precise_libemail-address-perl: ignored (reached end-of-life) precise/esm_libemail-address-perl: DNE (precise was needed) trusty_libemail-address-perl: ignored (reached end-of-life) trusty/esm_libemail-address-perl: DNE (trusty was needed) vivid_libemail-address-perl: ignored (reached end-of-life) vivid/stable-phone-overlay_libemail-address-perl: DNE vivid/ubuntu-core_libemail-address-perl: DNE wily_libemail-address-perl: ignored (reached end-of-life) xenial_libemail-address-perl: ignored (end of standard support, was needed) yakkety_libemail-address-perl: ignored (reached end-of-life) zesty_libemail-address-perl: ignored (reached end-of-life) artful_libemail-address-perl: ignored (reached end-of-life) bionic_libemail-address-perl: needed cosmic_libemail-address-perl: ignored (reached end-of-life) disco_libemail-address-perl: not-affected (1.912-1) eoan_libemail-address-perl: not-affected (1.912-1) focal_libemail-address-perl: not-affected (1.912-1) groovy_libemail-address-perl: not-affected (1.912-1) hirsute_libemail-address-perl: not-affected (1.912-1) impish_libemail-address-perl: not-affected (1.912-1) jammy_libemail-address-perl: not-affected (1.912-1) devel_libemail-address-perl: not-affected (1.912-1)