Bug#868170: libemail-address-perl: Email::Address->parse() is vulnerable to CVE-2015-7686
Damyan Ivanov
dmn at debian.org
Thu Nov 16 17:55:35 UTC 2017
[removing from Cc people I know read pkg-perl's bug mail]
-=| Pali Rohár, 16.11.2017 15:08:24 +0100 |=-
> And now I see that package is finally in sid:
> https://packages.debian.org/sid/libemail-address-xs-perl
>
> What would be next steps?
Getting it to backports can't be done before the package migrates to
testing (about a week according to [1]) as per -backports policy. Then
someone has to prepare a -backports upload (I can do that), then it
will have to clean the -backports NEW queue.
[1] https://tracker.debian.org/pkg/libemail-address-xs-perl
A lot of wheels have to spin, but fortunately (or not) it involves
mostly waiting :)
-- dam
More information about the pkg-perl-maintainers
mailing list