On Thursday 13 July 2017 16:47:34 gregor herrmann wrote:
> On Thu, 13 Jul 2017 15:21:06 +0200, Pali Rohár wrote:
>
> > On Thursday 13 July 2017 15:08:38 Salvatore Bonaccorso wrote:
>
> > > This IMHO is no reason to mark it as severity grave.
> > Debian Security Team suggested to add severity grave, so I did it.
>
> Salvatore is part of the Debian Security Team.
>
> This CVE is also already tracked by them since some time:
> https://security-tracker.debian.org/tracker/CVE-2015-7686
> (Note the "<no-dsa> (Minor issue)")
>
> Please also note that replacing Email::Address with ::XS might be a
> worthwhile goal in unstable and for buster

At least some step forward.

> but it won't happen for (jessie or) stretch.

I have no idea what can be done with jessie or stretch as I do not think
that fixing Email::Address is possible without introducing another hidden
problem or adding new incompatibility against RFCs...

-- 
Pali Rohár
pali.ro...@gmail.com