
Bug#751527: wheezy-pu: package libdbi-perl/1.622-1+deb7u1



Control: tags -1 + pending

On Thu, 2014-06-19 at 14:17 +0200, Salvatore Bonaccorso wrote:
> On Thu, Jun 19, 2014 at 01:06:14PM +0100, Adam D. Barratt wrote:
> > On 2014-06-13 19:51, Salvatore Bonaccorso wrote:
> > >libplrpc-perl was removed from the archive for unstable[1] as it uses
> > >Storable in an unsafe way, leading to a remote code execution
> > >vulnerability. The idea is to also drop libplrpc-perl from wheezy and
> > >squeeze if possible.
> > >
> > >As a first step toward this goal I propose to drop the dependency from
> > >libdbi-perl package. Note: There is no real code change in wheezy to
> > >unstable in the corresponding module part, although in the Debian
> > >package itself libplrpc-perl moved from Depends to Suggests following
> > >upstream recommendation (in version 1.627-1).
> > >
> > > [1] https://bugs.debian.org/734789
> > >     https://bugs.debian.org/745477
> > >
> > >For the debdiff: I removed the dependency (as done for unstable, added
> > >a patch to add a Security notice in the Proxy modules, and also
> > >removed installation of the dbiproxy script).
> > 
> > Please go ahead; thanks.
> 
> Thank you, just uploaded.

Flagged for acceptance.

Regards,

Adam