On Fri, 2014-03-28 16:22:14 +0100, Moritz Muehlenhoff wrote: > On Thu, Jan 09, 2014 at 09:01:53PM +0100, Florian Weimer wrote: >> Package: libplrpc-perl >> Severity: grave >> Version: 0.2020-2 >> Tags: security upstream >> >> The PlRPC module uses Storable in an unsafe way, leading to a remote >> code execution vulnerability (in both the client and the server). >> >> Upstream bug report: >> >> https://rt.cpan.org/Public/Bug/Display.html?id=90474 >> >> A fix (which is not yet available) requires a protocol change. I >> think we should remove the package from the distribution instead. > > Anibal, what's the status? Do you agree with the removal?
Yes, I agree. I was waiting to get it fixed upstream. > Cheers, > Moritz
signature.asc
Description: Digital signature
