[request-tracker-maintainers] Bug#887551: Bug#887551: request-tracker4 depends on libemail-address-perl
Dominic Hargreaves
dom at earth.li
Sat Apr 7 23:14:53 UTC 2018
On Wed, Jan 17, 2018 at 09:05:18PM +0100, Pali Rohár wrote:
> Hi! The package request-tracker4 depends on libemail-address-perl, which is
> vulnerable to CVE-2015-7686, see bug #868170. libemail-address-perl
> provides the Perl module Email::Address, which is now unmaintained. There is
> a new Perl module, Email::Address::XS, which is an API-compatible replacement
> for Email::Address and is available in libemail-address-xs-perl. Please
> port the request-tracker4 package to use libemail-address-xs-perl. If you need
> help with porting, let me know.

Thanks for the heads up. Upstream is going to look at this for the 4.6
cycle. Given that request-tracker4 is far from being the only reverse
dependency at the moment, I don't plan to look at accelerating this,
but I would happily take a working patch into Debian sooner.

Cheers,
Dominic.