diff --git a/__tests__/normalize-manifest.js b/__tests__/normalize-manifest.js
index 35a1713597..2740f969f2 100644
--- a/__tests__/normalize-manifest.js
+++ b/__tests__/normalize-manifest.js
@@ -183,3 +183,25 @@ function normalizePathDict(paths: mixed): ?{[key: string]: mixed} {
 
   return out;
 }
+
+describe('util DOS regression', () => {
+  const MAX_MS = 500;
+
+  test('dos1', () => {
+    const person = '' + '<'.repeat(100000) + '\u0000';
+    const start = Date.now();
+    const parsed = util.parsePerson(person);
+    const duration = Date.now() - start;
+    expect(parsed).toEqual({});
+    expect(duration).toBeLessThan(MAX_MS);
+  });
+
+  test('dos2', () => {
+    const person = '' + '('.repeat(100000) + '\u0000';
+    const start = Date.now();
+    const parsed = util.parsePerson(person);
+    const duration = Date.now() - start;
+    expect(parsed).toEqual({});
+    expect(duration).toBeLessThan(MAX_MS);
+  });
+});
diff --git a/src/util/normalize-manifest/util.js b/src/util/normalize-manifest/util.js
index 7d30f6106b..ea022e2007 100644
--- a/src/util/normalize-manifest/util.js
+++ b/src/util/normalize-manifest/util.js
@@ -54,12 +54,12 @@ export function parsePerson(person: mixed): any {
     }
   }
 
-  const email = person.match(/<([^>]+)>/);
+  const email = person.match(/<([^<>]+)>/);
   if (email) {
     obj.email = email[1];
   }
 
-  const url = person.match(/\(([^\)]+)\)/);
+  const url = person.match(/\(([^\(\)]+)\)/);
   if (url) {
     obj.url = url[1];
   }