Bug#868170: libemail-address-perl: Email::Address->parse() is vulnerable to CVE-2015-7686
Pali Rohár
pali.rohar at gmail.com
Wed Nov 1 10:36:03 UTC 2017
On Thursday 13 July 2017 17:36:09 Salvatore Bonaccorso wrote:
> In particular as initial step we need a packaged libemail-address-xs-perl. Volunteers?
> ;-)
Hello, any progress on this?
This package would be needed not only as a replacement for the
vulnerable libemail-address-perl, but also for a new versions of
existing libemail-*-perl packages, either directly or transitionally.
E.g. New version of Email::Stuffer now depends on newer version of the
Email::MIME which now needs Email::Address::XS. All is needed because of
bugs which were fixed in Email::Stuffer and Email::MIME.
--
Pali Rohár
pali.rohar at gmail.com
More information about the pkg-perl-maintainers
mailing list