Control: tags -1 + confirmed
On 2014-06-13 19:51, Salvatore Bonaccorso wrote:
libplrpc-perl was removed from the archive for unstable[1] as it uses
Storable in an unsafe way, leading to a remote code execution
vulnerability. The idea is to also drop libplrpc-perl from wheezy and
squeeze if possible.
As first step toward this goal I propose to drop the dependency from
libdbi-perl package. Note: There is no real code change in wheezy to
unstable in the corresponding module part, altough in the Debian
package itself libplrpc-perl moved from Depends to Suggests following
upstream recommentation (in version 1.627-1).
[1] https://bugs.debian.org/734789
https://bugs.debian.org/745477
For the debdiff: I removed the dependency (as done for unstable, added
a patch to add a Security notice in the Proxy modules, and also
removed installation of the dbiproxy script).
Please go ahead; thanks.
Regards,
Adam
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
