{
  "schema_version": "1.7.0",
  "id": "MGASA-2016-0019",
  "published": "2016-01-15T01:52:38Z",
  "modified": "2026-03-24T19:04:05Z",
  "summary": "Updated ruby-mail packages fix security vulnerability",
  "details": "The Mail library does not impose a length limit on email addresses, so an\nattacker can send a long spam message via a recipient address unless there\nis a limit on the application's side. The attacker-injected message in the\nrecipient address is processed by the server. This type of vulnerability\ncan be a real threat in inquiry forms, member signup forms, or any other\napplication that delivers an email to a user-specified email address\n(bsc#959129).\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2016-0019.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=17325"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/12/11/3"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00013.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "ruby-mail",
        "purl": "pkg:rpm/mageia/ruby-mail?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.4-9.1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
