The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
bestpractical.com/download-page
lists.debian.org/debian-lts-announce/2020/02/msg00009.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/
usn.ubuntu.com/4517-1/