Bug#868170: libemail-address-perl: Email::Address->parse() is vulnerable to CVE-2015-7686
gregor herrmann
gregoa at debian.org
Thu Jul 13 14:47:34 UTC 2017
On Thu, 13 Jul 2017 15:21:06 +0200, Pali Rohár wrote:
> On Thursday 13 July 2017 15:08:38 Salvatore Bonaccorso wrote:
> > This IMHO is no reason to mark it as severity grave.
> Debian Security Team suggested to add severity grave, so I did it.
Salvatore is part of the Debian Security Team.
This CVE is also already tracked by them since some time:
https://security-tracker.debian.org/tracker/CVE-2015-7686
(Note the "<no-dsa> (Minor issue)")
Please also note that replacing Email::Address with ::XS might be a
worthwhile goal in unstable and for buster but it won't happen for
(jessie or) stretch.
Cheers,
gregor
--
.''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
`- BOFH excuse #123: user to computer ratio too high.