Perl-Email-Project / Email-Reply

perl library for making replies to email

Email::Address is deprecated and affected by CVE-2015-7686 even in the last release (1.909), switch to Email::Address::XS #7

Open GvMariani opened 6 years ago

GvMariani commented 6 years ago

See, for the first statement (module deprecation): http://search.cpan.org/~rjbs/Email-Address-1.909/lib/Email/Address.pm and for the second one (remote DoS): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7686. The CPAN site recommends switching to the Email::Address::XS module (http://search.cpan.org/~pali/Email-Address-XS-1.03/lib/Email/Address/XS.pm), because it is a drop-in replacement for the original Email::Address and it was created to fix the above CVE.

Please make this switch to Email::Address::XS for Email::Reply... The switch can be made nearly trivially, by simply changing all the occurrences (but one) of "Email::Address" to "Email::Address::XS" (see attached patch).

Email-Reply-1.204-use-Email-Address-XS.txt

pali commented 6 years ago

Months ago I already created a pull request with the changes, see: https://github.com/Perl-Email-Project/Email-Reply/pull/6

GvMariani commented 6 years ago

Sorry, I did not spot the pull request... So when will we have it merged, so that I can drop the custom patch from our (Rosa Linux) Email-Reply package?

pali commented 6 years ago

> So when will we have it merged?

@rjbs is the maintainer and only he can merge pull requests.

I have had open pull requests to Email:: modules for more than 6 months and @rjbs has not processed them yet.