On Thu, Jan 09, 2014 at 09:01:53PM +0100, Florian Weimer wrote: > Package: libplrpc-perl > Severity: grave > Version: 0.2020-2 > Tags: security upstream > > The PlRPC module uses Storable in an unsafe way, leading to a remote > code execution vulnerability (in both the client and the server). > > Upstream bug report: > > https://rt.cpan.org/Public/Bug/Display.html?id=90474 > > A fix (which is not yet available) requires a protocol change. I > think we should remove the package from the distribution instead.
Anibal, what's the status? Do you agree with the removal? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org