Bug#868170: libemail-address-perl: Email::Address->parse() is vulnerable to CVE-2015-7686
Pali Rohár
pali.rohar at gmail.com
Thu Jan 18 17:10:38 UTC 2018
On Thursday 18 January 2018 17:54:16 gregor herrmann wrote:
> Thinking about upstream, I had another idea: If Email-Address is
> unmaintained on the CPAN, you could take it over (request co-maint)
> and then
> - change Email::Address to a wrapper around Email::Address::XS;
> - or remove the Email-Address distro and move the Email::Address
> module, again changed to a wrapper, into the Email-Address-XS
> distribution;
> - or, maybe least controversial, improve Email::Address to load
> Email::Address::XS if it's installed. In that case we could in
> Debian just add a dependency on libemail-address-xs-perl to
> libemail-address-perl.
I had a discussion about Email::Address module and decision was to not
do such things as Email::Address is pure Perl module and
Email::Address::XS needs C compiler. There are lot of Perl systems where
C compiler is not available and there only pure Perl modules can be
installed/loaded.
--
Pali Rohár
pali.rohar at gmail.com
More information about the pkg-perl-maintainers
mailing list