On Sat, Mar 29, 2014 at 09:07:11AM +1100, Aníbal Monsalve Salazar wrote:
> On Fri, 2014-03-28 16:22:14 +0100, Moritz Muehlenhoff wrote:
> > On Thu, Jan 09, 2014 at 09:01:53PM +0100, Florian Weimer wrote:
> >> Package: libplrpc-perl
> >> Severity: grave
> >> Version: 0.2020-2
> >> Tags: security upstream
> >>
> >> The PlRPC module uses Storable in an unsafe way, leading to a remote
> >> code execution vulnerability (in both the client and the server).
> >>
> >> Upstream bug report:
> >>
> >> https://rt.cpan.org/Public/Bug/Display.html?id=90474
> >>
> >> A fix (which is not yet available) requires a protocol change. I
> >> think we should remove the package from the distribution instead.
> >
> > Anibal, what's the status? Do you agree with the removal?
>
> Yes, I agree. I was waiting to get it fixed upstream.

Please file a removal bug against ftp.debian.org.

Cheers,
Moritz