Package: libplrpc-perl
Severity: grave
Version: 0.2020-2
Tags: security upstream

The PlRPC module uses Storable in an unsafe way, leading to a remote
code execution vulnerability (in both the client and the server).

Upstream bug report:

https://rt.cpan.org/Public/Bug/Display.html?id=90474

A fix (which is not yet available) requires a protocol change.  I
think we should remove the package from the distribution instead.


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to