by fnord123 3463 days ago
Are you talking about CGI.pm? That was removed from core modules in 5.22 (in 2015), which was only the year before his talk. Debian Jessie even has Perl 5.20 as the stable version[1]. CentOS 7 ships with 5.16. Of course you can have your sysadmin install an up-to-date version, but CGI.pm is still in play as part of Perl.

Maybe this year he'll talk about Perl 6 since 5.x is all old hat. ;)

[1] https://packages.debian.org/jessie/perl-base

1 comments

No, the vulns were in software that used CGI.pm and used it in naive ways. CGI.pm had a design decision in its API that can lead to, but does not constitute, a vulnerability, and is a feature to those using it appropriately.