On Sun, 2014-04-06 11:12:17 +0200, Moritz Mühlenhoff wrote:
> On Sat, Mar 29, 2014 at 09:07:11AM +1100, Aníbal Monsalve Salazar wrote:
>> On Fri, 2014-03-28 16:22:14 +0100, Moritz Muehlenhoff wrote:
>>> On Thu, Jan 09, 2014 at 09:01:53PM +0100, Florian Weimer wrote:
>>>> Package: libplrpc-perl
>>>> Severity: grave
>>>> Version: 0.2020-2
>>>> Tags: security upstream
>>>>
>>>> The PlRPC module uses Storable in an unsafe way, leading to a remote
>>>> code execution vulnerability (in both the client and the server).
>>>>
>>>> Upstream bug report:
>>>>
>>>> https://rt.cpan.org/Public/Bug/Display.html?id=90474
>>>>
>>>> A fix (which is not yet available) requires a protocol change. I
>>>> think we should remove the package from the distribution instead.
>>>
>>> Anibal, what's the status? Do you agree with the removal?
>>
>> Yes, I agree. I was waiting to get it fixed upstream.
>
> Please file a removal bug against ftp.debian.org.

Done!

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745477

Cheers!