Hi, On Fri, Dec 30, 2022 at 05:32:49PM +0100, Tobias Frost wrote: > Source: libapreq2 > Severity: serious > Justification: possibly not suitable for a stable release > X-Debbugs-Cc: Debian Security Team <[email protected]>, Salvatore > Bonaccorso <[email protected]> > Control: affects -1 lua-apr > Control: affects -1 rapache > Control: affects -1 libapache2-authcassimple-perl > Control: affects -1 libapache2-sitecontrol-perl > > The package should probably be removed for bookworm, > at least without clarification from upstream about the security issue. > (see for details #1018191)
FTR, let's not close this bug and migrate libapreq2 further for bookworm (even the open known CVEs are addressed) as long it does not get an active maintainer interested supporting potential updates needed for the bookworm release. libapreq2 including the affected rdepds are now out of bookworm. Regards, Salvatore
