merge 1134891 1135625 thanks On Sun, May 03, 2026 at 07:31:29PM +0200, Sylvain Beucler wrote: > Package: release.debian.org > User: [email protected] > Usertags: rm > X-Debbugs-Cc: [email protected], [email protected], > [email protected] > Severity: normal > > Please remove zulucrypt from bookworm. > > - Affected by root LPE (Local Privilege Escalation) CVE-2025-53391, > which is Debian-specific, rated 9.3/10 by MITRE. > https://security-tracker.debian.org/tracker/CVE-2025-53391 > > - Last maintainer contacted last December and January, no feedback. > https://bugs.debian.org/1108288 > https://bugs.debian.org/1124603 > > - Removed from unstable and stable/trixie; last version from 2022 > (6.2) while upstream updated twice in 2024 (7.0, 7.1). > https://bugs.debian.org/1124603 > > - No reverse dependencies, per `apt rdepends libzulucrypt1.2.0 > zulucrypt-gui zulucrypt-cli libzulucryptpluginmanager1.0.0 > zulupolkit` (only self-rdeps)
All great minds think alike :-) But this has already been filed as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134891 Cheers, Moritz
