[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#754834: squeeze-pu: package libdbi-perl/1.612-1+deb6u1

Hi Adam,

On Mon, Jul 14, 2014 at 09:26:06PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2014-07-14 at 22:14 +0200, Salvatore Bonaccorso wrote:
> > This is the corresponding proposed update for libdbi-perl as for
> > wheezy, see [1], in case I'm still in time for squeeze-pu. Attached is
> > proposed debdiff for squeeze. libplrpc-perl was removed from the
> > archive for unstable[1] as it uses Storable in an unsafe way, leading
> > to a remote code execution vulnerability. The idea is to also drop
> > libplrpc-perl from squeeze. As first step again the dependency needs
> > to be removed from libdbi-perl.
> >
> >  [1] https://bugs.debian.org/751527
>
> As mentioned on IRC, I think we should get this sorted for Squeeze,
> despite being after the window officially closed. Please go ahead;
> thanks.

Thank you, uploaded.

>
> I'll clone the libplrpc-perl wheezy bug for squeeze.

Sorry, haven't seen this reply before opening a new one myself, it is
#754836.

Thank you,

Regards,
Salvatore
Reply to: