Debian Security Advisory DSA 2969-1 (libemail-address-perl - security update)

Summary
Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 1.895-1+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.905-1. For the unstable distribution (sid), this problem has been fixed in version 1.905-1. We recommend that you upgrade your libemail-address-perl packages.
Insight
Email::Address implements a complete RFC 2822 parser that locates email addresses in strings and returns a list of Email::Address objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast.
Affected
libemail-address-perl on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References