Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: rm Control: clone -1 -2 Control: retitle -2 RM: libnet-ping-external-perl/0.13-1 (stretch)
Hi As prompted by http://www.openwall.com/lists/oss-security/2017/11/07/4 and has been reported to the BTS as #881097: libnet-ping-external-perl is basically unmaintained upstream and has a command injection vulnerability reported upstream without having had a reply. Thus thinking this is basically unmaintained upstream. There are no packages depending on it in Debian, so it looks the safest course of action is to remove it from unstable, stretch and jessie and should not be included uster. Filling here two separates bugs (subjects accordingly) for the removal from jessie and stretch. X-Debbugs-CC to the maintainers and security-team. Regards, Salvatore