Source: libdbi-perl
Severity: important

Hi Debian Perl Group members :)

libplrpc-perl should be removed from the archive[1] as it uses Storable in an unsafe way, leading to a remote code execution vulnerability (in both the client and the server)[2,3]. Petr from Red Hat also asked to add a security notice for the proxy drivers[4], but this code is unmaintained in DBI[5].

libdbi-perl is the only consumer of libplrpc-perl via Suggests, so I propose to drop the Suggests and maybe add a NEWS.Debian mentioning the removal. Does anybody otherwise have another, better approach?

[1] https://bugs.debian.org/734789
[2] https://rt.cpan.org/Public/Bug/Display.html?id=90474
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1030572
[4] https://rt.cpan.org/Public/Bug/Display.html?id=90475
[5] https://rt.cpan.org/Public/Bug/Display.html?id=61976#txn-840757

Regards,
Salvatore