Bug#868170: libemail-address-perl: Email::Address->parse() is vulnerable to CVE-2015-7686

Pali Rohár pali.rohar at gmail.com
Fri Nov 17 11:03:26 UTC 2017


On Thursday 16 November 2017 22:58:25 gregor herrmann wrote:
> On Thu, 16 Nov 2017 17:55:35 +0000, Damyan Ivanov wrote:
> 
> > A lot of wheels have to spin, but fortunately (or not) it involves 
> > mostly waiting :)
> 
> The next question is if we have any evidence of a demand / user
> request for this backport. Upstream enthusiasm is nice but having a
> bit more wouldn't hurt :)

Basically, libemail-address-perl (which is in the repository) is vulnerable.
So I think it is a good idea to provide, at least via backports, an
alternative which is usable.

I'm already using Email::Address::XS on Debian stable systems, but
installed only via the cpan client. So a system package would help with deploying.

====

But back to Salvatore's proposal. The first two steps are already done. What
about next? Do you have some script or any other tool which can create
those wishlist bugs for all packages which depend on
the libemail-address-perl package?

-- 
Pali Rohár
pali.rohar at gmail.com


