Your message dated Sat, 15 Mar 2025 08:23:59 +0000 with message-id <E1ttMoJ-005O4z-DJ@fasolo.debian.org> and subject line Bug#1093386: Removed package(s) from stable has caused the Debian Bug report #1093386, regarding RM: libnet-easytcp-perl -- RoQA; unmaintained upstream; security issues to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1093386: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093386 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: RM: libnet-easytcp-perl/0.26-6
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 17 Jan 2025 22:19:51 +0100
- Message-id: <173714879167.2442861.11839249881788416312.reportbug@eldamar.lan>
Package: release.debian.org Severity: normal X-Debbugs-Cc: libnet-easytcp-perl@packages.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>, Gunnar Wolf <gwolf@debian.org>, team@security.debian.org, gregoa@debian.org, carnil@debian.org Control: affects -1 + src:libnet-easytcp-perl User: release.debian.org@packages.debian.org Usertags: rm Dear SRM, This is the corresponding removal request for libnet-easytcp-perl from stable, relating to #1093385 for unstable and testing. libnet-easytcp-perl has security issues (CVE-2024-56830, note not the same as CVE-2002-20002) where it fallsback to Perl's builtin rand() if no strong randomization module is present, and Crypt::Random is not packaged and used. Furthermore is upstream basically unmaintained, the last version was 0.26 from 2004. Additionally it has low popcon, so I think it is affordable for removal. It can be removed from stable: |$ dak rm --suite=bookworm -n -R libnet-easytcp-perl |Will remove the following packages from bookworm: | |libnet-easytcp-perl | 0.26-6 | source, all | |Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> | |------------------- Reason ------------------- | |---------------------------------------------- | |Checking reverse dependencies... |No dependency problem found. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: 1093386-close@bugs.debian.org
- Subject: Bug#1093386: Removed package(s) from stable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 15 Mar 2025 08:23:59 +0000
- Message-id: <E1ttMoJ-005O4z-DJ@fasolo.debian.org>
We believe that the bug you reported is now fixed; the following package(s) have been removed from stable: libnet-easytcp-perl | 0.26-6 | source, all ------------------- Reason ------------------- RoQA; unmaintained upstream; security issues ---------------------------------------------- Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. Packages are usually not removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. The release team can force a removal from testing if it is really needed, please contact them if this should be the case. Bugs which have been reported against this package are not automatically removed from the Bug Tracking System. Please check all open bugs and close them or re-assign them to another package if the removed package was superseded by another one. The version of this package that was in Debian prior to this removal can still be found using https://snapshot.debian.org/. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1093386@bugs.debian.org. The full log for this bug can be viewed at https://bugs.debian.org/1093386 This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org. Debian distribution maintenance software pp. Archive Administrator (the ftpmaster behind the curtain)Attachment: pgp6AJUvOjnRL.pgp
Description: PGP signature
--- End Message ---