hi Salvatore! On Fri, Jan 17, 2025 at 10:19:51PM +0100, Salvatore Bonaccorso wrote: > This is the corresponding removal request for libnet-easytcp-perl from > stable, relating to #1093385 for unstable and testing. > > libnet-easytcp-perl has security issues (CVE-2024-56830, note not the > same as CVE-2002-20002) where it fallsback to Perl's builtin rand() if > no strong randomization module is present, and Crypt::Random is not > packaged and used. > > Furthermore is upstream basically unmaintained, the last version was > 0.26 from 2004. > > Additionally it has low popcon, so I think it is affordable for > removal. should this be communicated via src:debian-security-support as well?
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Never waste a crisis.
signature.asc
Description: PGP signature
