On Thu, Jan 09, 2014 at 09:01:53PM +0100, Florian Weimer wrote:
> Package: libplrpc-perl
> Severity: grave
> Version: 0.2020-2
> Tags: security upstream
>
> The PlRPC module uses Storable in an unsafe way, leading to a remote
> code execution vulnerability (in both the client and the server).
>
> Upstream bug report:
>
> https://rt.cpan.org/Public/Bug/Display.html?id=90474
>
> A fix (which is not yet available) requires a protocol change. I
> think we should remove the package from the distribution instead.
Anibal, what's the status? Do you agree with the removal?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]