Bug#1093385: RM: libnet-easytcp-perl -- ROM; has security bugs, no maintenance upstream, low popcon

Salvatore Bonaccorso carnil at debian.org
Fri Jan 17 21:08:32 GMT 2025


Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: libnet-easytcp-perl at packages.debian.org, Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>, Gunnar Wolf <gwolf at debian.org>, team at security.debian.org, gregoa at debian.org, carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: affects -1 + src:libnet-easytcp-perl
User: ftp.debian.org at packages.debian.org
Usertags: remove

Hi FTP masters

libnet-easytcp-perl has security issues (CVE-2024-56830, note not the
same as CVE-2002-20002) where it falls back to Perl's builtin rand() if
no strong randomization module is present, and Crypt::Random is not
packaged and used.

Furthermore, upstream is basically unmaintained; the last version was
0.26 from 2004.

Additionally it has low popcon, so I think it is affordable for
removal.

Regards,
Salvatore


