Bug#868170: libemail-address-perl: Email::Address->parse() is vulnerable to CVE-2015-7686

Pali Rohár pali.rohar at gmail.com
Thu Jul 26 14:48:31 BST 2018


On Sunday 22 July 2018 16:47:00 gregor herrmann wrote:
> On Sat, 07 Jul 2018 22:16:05 +0200, Pali Rohár wrote:
> > And about the remaining ones, should I file a bug for duck, cil,
> > libhtml-fromtext-perl and libtemplate-plugin-clickable-email-perl
> > packages? Or do you have a better idea how to handle
> > libregexp-common-email-address-perl and libemail-find-perl?
> 
> Well, the question is what the bug reports are about or what the
> packages are supposed to do.
> duck is Debian specific, so it should be possible to come up with a
> fix; for the others I'd suggest to discuss this with upstream first. 

Email::Find had its last release in 2007 and has bugs that have been open for 6 years:
https://metacpan.org/pod/Email::Find
https://rt.cpan.org/Public/Dist/Display.html?Name=Email-Find

And Regexp::Common::Email::Address is from 2005:
https://metacpan.org/pod/Regexp::Common::Email::Address
https://rt.cpan.org/Public/Dist/Display.html?Name=Regexp-Common-Email-Address

Dependent modules:

HTML::FromText is from the same author as Email::Address:
https://metacpan.org/pod/HTML::FromText

And Template::Plugin::Clickable::Email had only one version, in 2005:
https://metacpan.org/pod/Template::Plugin::Clickable::Email

So it does not look like there is active development...

-- 
Pali Rohár
pali.rohar at gmail.com


