Bug 27171

Summary: perl-PlRPC new security issue CVE-2013-7284
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, shlomif
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: perl-PlRPC-0.202.0-5.mga8.src.rpm CVE:
Status comment: Not fixed upstream as of end of 2020

Description David Walser 2020-08-21 21:34:03 CEST 
SUSE has issued an advisory on August 14:
https://lists.suse.com/pipermail/sle-security-updates/2020-August/007267.html

The "solution" for the update was a patch to document the security issue, and they said the package should be dropped from future releases.  We should do the same.
David Walser 2020-08-21 21:34:33 CEST

Whiteboard: (none) => MGA7TOO
Status comment: (none) => Package should be dropped

Comment 1 Lewis Smith 2020-08-21 21:59:12 CEST 
This SRPM has no consistent maintainer, so assigning this bug globally. CC'ing Shlomi for comment.

P.S. In maintdb.txt, this is listed as 'perl-PlRPC' which looks like a typo - but is not! Sans-serif fonts make lower-case 'l' look like '|'.

CC: (none) => shlomif
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Lécureuil 2020-12-27 18:43:46 CET 
following https://security-tracker.debian.org/tracker/CVE-2013-7284, i think we can drop this package.

CC: (none) => mageia

Comment 3 David Walser 2020-12-27 18:54:31 CET 
Agreed.  perl-DBI-proxy requires this, so it needs to be fixed to not require it (if possible) or also dropped.  Nothing requires perl-DBI-proxy.
Comment 4 Nicolas Lécureuil 2021-01-02 02:04:56 CET 
Removed from cauldron.

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Status comment: Package should be dropped => (none)

David Walser 2021-01-02 02:08:51 CET

Status comment: (none) => Not fixed upstream as of end of 2020

Comment 5 David Walser 2021-07-01 18:23:53 CEST 
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Status: NEW => RESOLVED
Resolution: (none) => OLD