[libemail-address-perl] 01/04: Add 0008-quoted-part-can-be-empty.patch patch

Salvatore Bonaccorso carnil at debian.org
Fri Jun 27 18:10:28 UTC 2014 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch wheezy
in repository libemail-address-perl.

commit 8153c2fcaad02911a32909496c98221387d55ad9
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Wed Jun 25 22:20:39 2014 +0200

    Add 0008-quoted-part-can-be-empty.patch patch
    
    CVE-2014-0477: Fix denial of service vulnerability in the way how
    Email::Address::parse parses empty quoted string, as allowed by RFC
    2822.
---
 debian/patches/0008-quoted-part-can-be-empty.patch | 25 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 26 insertions(+)

diff --git a/debian/patches/0008-quoted-part-can-be-empty.patch b/debian/patches/0008-quoted-part-can-be-empty.patch
new file mode 100644
index 0000000..bdd4b04
--- /dev/null
+++ b/debian/patches/0008-quoted-part-can-be-empty.patch
@@ -0,0 +1,25 @@
+From 83f8306117115729ac9346523762c0c396251eb5 Mon Sep 17 00:00:00 2001
+From: Ricardo Signes <rjbs at cpan.org>
+Date: Tue, 17 Jun 2014 22:48:03 -0400
+Subject: [PATCH 8/8] quoted part can be empty
+
+---
+ lib/Email/Address.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/Email/Address.pm b/lib/Email/Address.pm
+index acece12..1e0feb8 100644
+--- a/lib/Email/Address.pm
++++ b/lib/Email/Address.pm
+@@ -51,7 +51,7 @@ my $dot_atom       = qr/$cfws*$dot_atom_text$cfws*/;
+ 
+ my $qtext          = qr/[^\\"]/;
+ my $qcontent       = qr/$qtext|$quoted_pair/;
+-my $quoted_string  = qr/$cfws*"$qcontent+"$cfws*/;
++my $quoted_string  = qr/$cfws*"$qcontent*"$cfws*/;
+ 
+ my $word           = qr/$atom|$quoted_string/;
+ 
+-- 
+2.0.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 5299247..2b89011 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 spelling.patch
+0008-quoted-part-can-be-empty.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libemail-address-perl.git

More information about the Pkg-perl-cvs-commits mailing list