Package: ftp.debian.org Severity: normal X-Debbugs-Cc: libnet-easytcp-p...@packages.debian.org, Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>, Gunnar Wolf <gw...@debian.org>, t...@security.debian.org, gre...@debian.org, car...@debian.org, Debian Security Team <t...@security.debian.org> Control: affects -1 + src:libnet-easytcp-perl User: ftp.debian....@packages.debian.org Usertags: remove
Hi FTP masters libnet-easytcp-perl has security issues (CVE-2024-56830, note not the same as CVE-2002-20002) where it fallsback to Perl's builtin rand() if no strong randomization module is present, and Crypt::Random is not packaged and used. Furthermore is upstream basically unmaintained, the last version was 0.26 from 2004. Additionally it has low popcon, so I think it is affordable for removal. Regards, Salvatore
