Package: ftp.debian.org Severity: normal Hi
As prompted by http://www.openwall.com/lists/oss-security/2017/11/07/4 and has been reported to the BTS as #881097: libnet-ping-external-perl is basically unmaintained upstream and has a command injection vulnerability reported upstream without having had a reply. Thus thinking this is basically unmaintained upstream. The same version is back in wheezy. There are no packages depending on it in Debian, so it looks the safest course of action is to remove it from unstable (possibly as well from other suites later on via point release) and not having it included in buster. Regards Salvatore

