Comment 0 is for perl-Email-MIME-ContentType.

perl-Email-MIME is part of this too.

The issue is fixed in 1.949 there:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VJFUIVJOQGZOYF4Q4RXPBJTBBZD5LXVK/

Summary: perl-Email-MIME-ContentType new DoS security issue => perl-Email-MIME, perl-Email-MIME-ContentType new DoS security issue
Source RPM: perl-Email-MIME-ContentType-1.22.0-3.mga7.src.rpm => perl-Email-MIME-ContentType-1.22.0-3.mga7.src.rpm, perl-Email-MIME-1.946.0-3.mga7.src.rpm

No evident maintainer, so assigning globally. CCing Shlomi as the registered person.

CC: (none) => shlomif
Assignee: bugsquad => pkg-bugs

Updated versions on their way to updates_testing for mga7

CC: (none) => bruno
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED

Advisory:
========================

Updated perl-Email-MIME and perl-Email-MIME-ContentType packages fix security
vulnerability:

Messages with too many tiny nested MIME parts can lead to memory exhaustion on
split(), resulting in denial of service (rhbz#1835353).

This update limits the number of nested MIME parts to 10 (by default), to avoid
a possible memory exhaustion issue with lots of tiny MIME parts.

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VJFUIVJOQGZOYF4Q4RXPBJTBBZD5LXVK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3PWODHVD5ZKQBY2OYBTFPBETUOOJA33D/
========================

Updated packages in core/updates_testing:
========================
perl-Email-MIME-1.949.0-3.1.mga7
perl-Email-MIME-ContentType-1.24.0-3.1.mga7

from SRPMS:
perl-Email-MIME-1.949.0-3.1.mga7.src.rpm
perl-Email-MIME-ContentType-1.24.0-3.1.mga7.src.rpm

Status comment: Fixed upstream in 1.949 (Email::MIME) and 1.24 (Email::MIME::ContentType) => (none)