Hi Holger,

On Fri, Jan 17, 2025 at 09:41:42PM +0000, Holger Levsen wrote:
> hi Salvatore!
>
> On Fri, Jan 17, 2025 at 10:19:51PM +0100, Salvatore Bonaccorso wrote:
> > This is the corresponding removal request for libnet-easytcp-perl from
> > stable, relating to #1093385 for unstable and testing.
> >
> > libnet-easytcp-perl has security issues (CVE-2024-56830, note not the
> > same as CVE-2002-20002) where it falls back to Perl's builtin rand() if
> > no strong randomization module is present, and Crypt::Random is not
> > packaged and used.
> >
> > Furthermore is upstream basically unmaintained, the last version was
> > 0.26 from 2004.
> >
> > Additionally it has low popcon, so I think it is affordable for
> > removal.
>
> should this be communicated via src:debian-security-support as well?

Yes maybe additionally to the removal from bookworm in the next point
release this should be marked as well as unsupported, I have done a MR
for debian-security-support:

https://salsa.debian.org/debian/debian-security-support/-/merge_requests/34

Adding Moritz to get an ack/peer review.

Regards,
Salvatore