Accepted inetutils 2:1.9.4-12 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 14 Apr 2020 04:08:13 +0200
Source: inetutils
Architecture: source
Version: 2:1.9.4-12
Distribution: unstable
Urgency: medium
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 804766 951680 956084
Changes:
inetutils (2:1.9.4-12) unstable; urgency=medium
.
* Switch to Standards-Version 4.5.0 (no changes needed).
* Remove patches from upstream:
- tftpd: Restore logging while chrooted. (We do not ship tftpd.)
* Add patches from upstream:
- Change header inclusion for ifconfig on GNU/Linux, to support musl.
- telnetd: More work on CVE-2019-0053.
- Various compiler warnings fixes.
- telnet: Various off-by-one checks.
- ftp: Fix buffer overflows.
- ping, ping6: Fix memory leaks.
* Add patch from Red Hat / Fedora:
- Fix arbitrary remote code execution in telnetd via short writes or
urgent data. Fixes CVE-2020-10188. Closes: #956084
Thanks to Michal Ruprich <michalruprich@gmail.com>.
Note: While the PoC exploit does not work on inetutils due to the
different codebases, the adapted patch was close enough to apply almost
directly, even though the information leak might appear to still remain.
* Document inetutils-inetd IPv6 support in man page, and modify the
default template inetd.conf to use udp6 and tcp6. Closes: #804766
* Minor wording fixes to default templated inetd.conf.
* Remove long obsolete netkit-inetd Provides and Conflicts from
inetutils-inetd.
* Document that inetutils-inetd -p option without a filename disables
writing a pidfile. Closes: #951680
* Disable building tftp and tftpd, which we are not shipping, and are
causing test suite failures on kfreebsd-amd64.
Checksums-Sha1:
5652f641db425eb5c8fdbc3a3f721c09b469e75b 3084 inetutils_1.9.4-12.dsc
c6512c1974fad1f7b03eef8baf0ecc05c6379b70 163 inetutils_1.9.4.orig.tar.xz.asc
8c43fe43f75e913245a4a55d9895c0df47a19534 112748 inetutils_1.9.4-12.debian.tar.xz
1033b60e9fa4e67b99f6dc6b8c33126b35cc0304 12760 inetutils_1.9.4-12_amd64.buildinfo
Checksums-Sha256:
8ff53a9f45cbd0fb9065a81ba6120fe51f2291c77187fce4f54fdcc32c8da9db 3084 inetutils_1.9.4-12.dsc
d570ff2369cf42238bcfd63cc1faacbc440652d753f4f0b62bb770ba7a497609 163 inetutils_1.9.4.orig.tar.xz.asc
bad5caf9be8978f3ea7efa8e6209ee7aab8cc002ef50f81c4286396993e64da8 112748 inetutils_1.9.4-12.debian.tar.xz
f8787c4b00435aed181605775d616fc884ed288235a3530354ccaef356346c46 12760 inetutils_1.9.4-12_amd64.buildinfo
Files:
a9aa0e6a42fbb2999b40e440ee16c51c 3084 net optional inetutils_1.9.4-12.dsc
094681dc589bc04f918febd601a38fca 163 net optional inetutils_1.9.4.orig.tar.xz.asc
282b37aadf7a546670e2ad67fc990680 112748 net optional inetutils_1.9.4-12.debian.tar.xz
a9bc3cd0a2d9194a9e0464dd16cce21e 12760 net optional inetutils_1.9.4-12_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAl6VHBYACgkQuXK/PqSu
V6PCKxAA5XIVty1Yt18NIJxenNapdyUfnF1xvXr8a3V84CyK9Az/E9DbZOBwjq/J
NiHcZDA+9PRW0Z80i1MMbAXfOQQ54xdGrRj0oSAxUWaViBxQmTVplwtLID/l/Uaf
k7VlzaSakHgwLawW3FwfZBctuL2daFnxujKTr/0pjtSOa4UjMiwjaIQlOX0j8cRw
Bdj+SOPREg5m64b6Fm88I3J+bLw1UghY/SjgvFfwfCR/7NbxC5boixEHfPosg/Az
Vg1XG2/jP2uNaI6vBPFwPL8b/TAzSexL1TXIYVuqrGqhPxlp0FCHmzVb0t+b4MgS
gMWzrF9eG5gXffHt7x4Flt9hPjcS0DwPzFx69VWFWaA0ELmUoUxN/Be7eR6dACzl
SOpm3+DSYaS6mUPuMM1RdA9uRTJBKjwVqjwhKDpp2YQybDLKBX/TCrz7Ge4caSQk
xog1hsgitkQw0vQMq/ox8lGo2DeQ36/MV23KPOgGvsZdOERfzVtK18cotI+dpe5F
hfmtmjGIzbxragBTY2DAc3RPDETTESu8qL5VwmX31N37AROtLlbnLCZFgPOw3OI+
HBrRuVDKS4g4UJHJOl1M5j7U7xGJ6ZxBcyWyKUqw/x48u73N02wnH3m4vR0sfag+
2Dfh3VsDI12svgL6BKbYS8CmLqQU7+PrDGL9vbpnNTZbuK+BcFY=
=4iOu
-----END PGP SIGNATURE-----