FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  372978
Date:      2014-11-21
Time:      08:13:00Z
Committer: matthew

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d1dfc4c7-8791-11e3-a371-6805ca0b3d42rt42 -- denial-of-service attack via the email gateway

The RT development team reports:

Versions of RT between 4.2.0 and 4.2.2 (inclusive) are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability is assigned CVE-2014-1474.

This vulnerability is caused by poor parsing performance in the Email::Address::List module, which RT depends on. We recommend that affected users upgrade their version of Email::Address::List to v0.02 or above, which resolves the issue. Due to a communications mishap, the release on CPAN will temporarily appear as "unauthorized," and the command-line cpan client will hence not install it. We expect this to be resolved shortly; in the meantime, the release is also available from our server.


Discovery 2014-01-27
Entry 2014-01-27
rt42
ge 4.2 lt 4.2.1_3

ge 4.2.2 lt 4.2.2_2

p5-Email-Address-List
lt 0.02

CVE-2014-1474
http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html