[Pkg-matrix-maintainers] Bug#1080047: Should node-matrix-js-sdk be removed from unstable?
Helmut Grohne
helmut at subdivi.de
Fri Aug 30 06:33:15 BST 2024

Source: node-matrix-js-sdk
Severity: serious
Justification: grab attention of maintainer
User: helmutg at debian.org
Usertags: sidremove

Dear maintainer,

I suggest removing node-matrix-js-sdk from Debian for the following reasons:

 * It accumulated 4 RC-bugs:
   + #994213: node-matrix-js-sdk: CVE-2021-40823: E2EE vulnerability
     Last modified: 2 years
   + #1018970: node-matrix-js-sdk: CVE-2022-36059
     Last modified: 1 year, 11 months
   + #1021136: node-matrix-js-sdk: CVE-2022-39236 CVE-2022-39249 CVE-2022-39251
     Last modified: 1 year, 10 months
   + #1033621: node-matrix-js-sdk: CVE-2023-28427
     Last modified: 1 year, 5 months
 * It is not part of bookworm or trixie and is not a key package.

This bug serves as a pre-removal warning. After one month, the bug will be
reassigned to ftp.debian.org to actually request removal of the package.

In case the package should be kept in unstable, please evaluate each of the
RC-bugs listed above.

 * If the bug is meant to prevent the package from entering testing or a stable
   release, but this package should stay part of unstable, please add a
   usertag:

       user helmutg at debian.org
       usertags NNN + sidremove-ignore

 * If the bug no longer applies, please close it. If it is closed, check
   whether the fixed version is correct and adjust if necessary.
 * Is the bug really release-critical? If not, please downgrade.
 * If the bug still applies, please send a status update at least once a year.

Once all of the mentioned RC bugs have been acted upon in one way or another,
please close this bug.

In case the package should be removed from unstable, you may reassign this
bug report:

    Control: severity -1 normal
    Control: retitle -1 RM: node-matrix-js-sdk -- RoM; rc-buggy
    Control: reassign -1 ftp.debian.org
    Control: affects -1 + src:node-matrix-js-sdk

Alternatively, you may wait a month and have it reassigned.

In case you disagree with the above, please downgrade this bug below RC
severity. Doing so will also prevent automatic reassignment.

Kind regards

A tool for automatically removing packages from unstable

This bug report has been automatically filed with little human intervention.
If the filing is unclear or in error, don't hesitate to contact
Helmut Grohne <helmut at subdivi.de> for assistance.