Candidate: CVE-2018-1294
PublicDate: 2018-03-20 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294
 https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4Vs9rOwCDiUdnt1QA1Yw@mail.gmail.com
Description:
 If a user of Apache Commons Email (typically an application programmer)
 passes unvalidated input as the so-called "Bounce Address", and that input
 contains line-breaks, then the email details (recipients, contents, etc.)
 might be manipulated. Mitigation: Users should upgrade to Commons-Email
 1.5. You can mitigate this vulnerability for older versions of Commons
 Email by stripping line-breaks from data that will be passed to
 Email.setBounceAddress(String).
Ubuntu-Description:
Notes:
 msalvatore> "version 1.5 is not affected"
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_commons-email:
upstream_commons-email: released (1.5)
precise/esm_commons-email: DNE
trusty_commons-email: DNE
trusty/esm_commons-email: DNE
xenial_commons-email: DNE
artful_commons-email: DNE
bionic_commons-email: not-affected (1.5-1)
cosmic_commons-email: not-affected (1.5-1)
devel_commons-email: not-affected (1.5-1)