Package: release.debian.org User: [email protected] Usertags: rm X-Debbugs-Cc: [email protected], [email protected], [email protected] Severity: normal
Please remove zulucrypt from bookworm. - Affected by root LPE (Local Privilege Escalation) CVE-2025-53391, which is Debian-specific, rated 9.3/10 by MITRE. https://security-tracker.debian.org/tracker/CVE-2025-53391 - Last maintainer contacted last December and January, no feedback. https://bugs.debian.org/1108288 https://bugs.debian.org/1124603 - Removed from unstable and stable/trixie; last version from 2022 (6.2) while upstream updated twice in 2024 (7.0, 7.1). https://bugs.debian.org/1124603 - No reverse dependencies, per `apt rdepends libzulucrypt1.2.0 zulucrypt-gui zulucrypt-cli libzulucryptpluginmanager1.0.0 zulupolkit` (only self-rdeps) Cheers! Sylvain Beucler Debian LTS Team
