Bug#1101746: bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1

To: Adrian Bunk <bunk@debian.org>, 1101746@bugs.debian.org
Subject: Bug#1101746: bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 31 Mar 2025 23:06:33 +0200
Message-id: <[🔎] Z-sD2a0tH71P4stN@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1101746@bugs.debian.org
In-reply-to: <[🔎] 174342425244.1135425.17844364531594165259.reportbug@localhost>
References: <[🔎] 174342425244.1135425.17844364531594165259.reportbug@localhost> <[🔎] 174342425244.1135425.17844364531594165259.reportbug@localhost>

Control: tags -1 - moreinfo

Hi,

On Mon, Mar 31, 2025 at 03:30:52PM +0300, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>, security@debian.org
> 
>   * CVE-2025-1860: rand() function was used as default source of entropy
> 
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.

A fix via an upcoming point release is fine for this. Moritz has
marked it today as no-dsa for bookworm.

Regards,
Salvatore

Reply to:

References:
- Bug#1101746: bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
  - From: Adrian Bunk <bunk@debian.org>

Prev by Date: Re: Question about CVE fix back-porting to bullseye and bookworm
Next by Date: Processed: Re: Bug#1101746: bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
Previous by thread: Bug#1101746: bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
Next by thread: Processed: Re: Bug#1101746: bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
Index(es):
- Date
- Thread