oss-sec mailing list archives

CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse


From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 18 Jun 2014 07:19:15 +0200

Hi

Bastian Blank reported a denial of service vulnerability in
Email::Address, a Perl module for RFC 2822 address parsing and
creation[1]. Email::Address::parse uses significant time on parsing an
empty quoted string, as allowed by RFC 2822.

CVE-2014-0477 was assigned to reference this issue.

Bastian Blank suggested a fix which was applied upstream as [2],
contained in a new upstream version 1.905[3], which contains additional
commits to avoid slowdowns.

 [1] https://metacpan.org/release/Email-Address
 [2] https://github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762c0c396251eb5
 [3] https://github.com/rjbs/Email-Address/blob/master/Changes

Regards,
Salvatore
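The following is an added illustration, not part of the post above and not code from Email::Address itself: a hypothetical wrapper (`parse_addresses_safely`) for a deployment that still runs a version older than 1.905, bounding both the input length and the wall-clock time spent in Email::Address->parse so that a pathological header stalls at most one bounded call instead of the whole process. The limits are assumed values, and the alarm-based timeout assumes a POSIX Perl.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Email::Address;

# Assumed limits (not from the advisory): tune to the traffic you handle.
use constant MAX_HEADER_LEN  => 4096;   # bytes of header we are willing to parse
use constant PARSE_TIMEOUT_S => 2;      # seconds allowed inside parse()

# Hypothetical defensive wrapper around Email::Address->parse.
# Returns (\@addresses, undef) on success or (undef, $reason) when the
# input is rejected or parsing exceeds the time budget.
sub parse_addresses_safely {
    my ($header) = @_;
    return (undef, 'header too long') if length($header) > MAX_HEADER_LEN;

    my @addrs;
    my $ok = eval {
        local $SIG{ALRM} = sub { die "parse timeout\n" };
        alarm PARSE_TIMEOUT_S;
        @addrs = Email::Address->parse($header);
        alarm 0;
        1;
    };
    alarm 0;                 # always clear the timer, even after die()
    return (undef, $@ =~ s/\n\z//r) unless $ok;
    return (\@addrs, undef);
}

# Constructed sample inputs: an ordinary header, and one carrying the empty
# quoted string ("") the advisory identifies as the slow case.
my @samples = (
    'Alice Example <alice@example.com>, bob@example.com',
    '"" <carol@example.com>',
);
for my $h (@samples) {
    my ($addrs, $err) = parse_addresses_safely($h);
    if ($err) { print "rejected: $err\n"; next }
    print "parsed: ", join(', ', map { $_->address } @$addrs), "\n";
}
```

With a fixed module (1.905 or later) both samples parse promptly; with an affected version the second may trip the timeout, which the wrapper reports instead of letting the worker hang.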

