Bug#63995: bugs.debian.org reveals e-mail addresses to spammers
severity 63995 grave thanks A solution is available and it's trivial. Just conceal the addresses from the public web interface and mailing list archives, requiring authentication to access the full report. This is what's done in Ubuntu, Red Hat, XFCE, and about just any sensible project I know
Bug#63995: bugs.debian.org reveals e-mail addresses to spammers
Another solution is to implement CAPTCHA to protect email addresses, or any mbox's raw data. Something like what implemented in googlegroups web interface.