-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:192
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : perl-Email-Address
Date : October 1, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated perl-Email-Address package fixes security vulnerability:
The parse function in Email::Address module before 1.905 for Perl
uses an inefficient regular expression, which allows remote attackers
to cause a denial of service (CPU consumption) via an empty quoted
string in an RFC 2822 address (CVE-2014-0477).
The Email::Address module before 1.904 for Perl uses an inefficient
regular expression, which allows remote attackers to cause a denial
of service (CPU consumption) via vectors related to backtrack