Control: tags -1 + pending On Thu, 2014-06-19 at 14:17 +0200, Salvatore Bonaccorso wrote: > On Thu, Jun 19, 2014 at 01:06:14PM +0100, Adam D. Barratt wrote: > > On 2014-06-13 19:51, Salvatore Bonaccorso wrote: > > >libplrpc-perl was removed from the archive for unstable[1] as it uses > > >Storable in an unsafe way, leading to a remote code execution > > >vulnerability. The idea is to also drop libplrpc-perl from wheezy and > > >squeeze if possible. > > > > > >As first step toward this goal I propose to drop the dependency from > > >libdbi-perl package. Note: There is no real code change in wheezy to > > >unstable in the corresponding module part, altough in the Debian > > >package itself libplrpc-perl moved from Depends to Suggests following > > >upstream recommentation (in version 1.627-1). > > > > > > [1] https://bugs.debian.org/734789 > > > https://bugs.debian.org/745477 > > > > > >For the debdiff: I removed the dependency (as done for unstable, added > > >a patch to add a Security notice in the Proxy modules, and also > > >removed installation of the dbiproxy script). > > > > Please go ahead; thanks. > > Thank you, just uploaded.
Flagged for acceptance. Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
