Package: libplrpc-perl Severity: grave Version: 0.2020-2 Tags: security upstream
The PlRPC module uses Storable in an unsafe way, leading to a remote code execution vulnerability (in both the client and the server). Upstream bug report: https://rt.cpan.org/Public/Bug/Display.html?id=90474 A fix (which is not yet available) requires a protocol change. I think we should remove the package from the distribution instead. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
