Bug#1093385: RM: libnet-easytcp-perl -- ROM; has security bugs, no maintenance upstream, low popcon
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 17 21:08:32 GMT 2025
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: libnet-easytcp-perl at packages.debian.org, Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>, Gunnar Wolf <gwolf at debian.org>, team at security.debian.org, gregoa at debian.org, carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: affects -1 + src:libnet-easytcp-perl
User: ftp.debian.org at packages.debian.org
Usertags: remove
Hi FTP masters

libnet-easytcp-perl has security issues (CVE-2024-56830, note not the
same as CVE-2002-20002) where it falls back to Perl's builtin rand() if
no strong randomization module is present, and Crypt::Random is not
packaged and used.

Furthermore, upstream is basically unmaintained, the last version was
0.26 from 2004.

Additionally it has low popcon, so I think it is affordable for
removal.

Regards,
Salvatore