Accepted inetutils 2:2.0-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted inetutils 2:2.0-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 03 Sep 2022 12:49:09 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=wBj7Bz0AT/7tY4BGPJ3mgrZruinqgpKV0SACTpGzjtk=; b=izf+9nCT1PbpncvhjNDTOX6hkr 4OZZSmrjoK1GIe7Ik9Y399v35eUIhsvq8a+xZfLSySVjSxH5ZCdyMPGvrlbNQ+/tKsdR73B9KQETb 6VyAgMAnvAfyZ4ZQ0yMz9MFXf+TkMiqhRLujNV0XLaCJPaUs70dCurrot/WVrCKO4XnKKBzHvBi/+ uFk7A/6Dy8/8aTFeJ6FPlXQAhnUHsTJpSh7OQ1mKGOpl3ClaGdHABcHuUNtkSDbn/j7k/DNOjKXbs HgqiwS4IzAaRTj5gkrFRAOccQrx52tQXw7lcklXJEdde+2Jvmdz7d0m2uwbCk9WqGXcXluk9n0Gn1 uzk+EQbQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oUSaD-00ED9H-NQ@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 30 Aug 2022 13:34:41 +0200
Source: inetutils
Architecture: source
Version: 2:2.0-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 945861 993476
Changes:
inetutils (2:2.0-1+deb11u1) bullseye; urgency=medium
.
* telnet: Add checks for option reply parsing limits causing buffer
overflow induced crashes due to long option values.
Fixes CVE-2019-0053. Closes: #945861
* Add patch from upstream to fix infinite loop causing a stack exhaustion
induced crash in telnet client due to malicious server commands.
Closes: #945861
* Fix inetutils-ftp security bug trusting FTP PASV responses.
Fixes CVE-2021-40491. Closes: #993476
* Fix remote DoS vulnerability in inetutils-telnetd, caused by a crash by
a NULL pointer dereference when sending the byte sequences «0xff 0xf7»
or «0xff 0xf8». Found by Pierre Kim and Alexandre Torres. Patch
adapted by Erik Auerswald <auerswal@unix-ag.uni-kl.de>.
Fixes CVE-2022-39028.
Checksums-Sha1:
4b7400eadb5dfc8206fec4fb1f053e36443c0d68 3088 inetutils_2.0-1+deb11u1.dsc
1d0eec62990382874ab327ba284bd04aa59c9139 77092 inetutils_2.0-1+deb11u1.debian.tar.xz
e924646dcfcd6efb1fadc38fa26a7b7f144bf07d 13131 inetutils_2.0-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
4986475b8b8073984c91b8c8e5fe387e2e7ed9f8af285410e926acc9ee068f0c 3088 inetutils_2.0-1+deb11u1.dsc
9672be3cff46a4de5efec6571a95b28a9510e3187e740ddf25369dfcecc0201e 77092 inetutils_2.0-1+deb11u1.debian.tar.xz
b5fe78aa7b52adece106f92ab65542704c4de8254f1118b2086d825262e3ca16 13131 inetutils_2.0-1+deb11u1_amd64.buildinfo
Files:
2655721a7c5b0f6b479415cbef7c8f16 3088 net optional inetutils_2.0-1+deb11u1.dsc
acae8d28e9edff839c9671549cc1ce02 77092 net optional inetutils_2.0-1+deb11u1.debian.tar.xz
0ed0ed2b3d8683c7b4b3a63e7a60d641 13131 net optional inetutils_2.0-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAmMSZtYACgkQuXK/PqSu
V6MFBRAAyOd1aO4+EBZfKZXP88G8G1VqUtN4QZVSpWr4Rn1He2JBGozgxkMPivJK
In30AN2wqr+EsURW3ir3gKHNfhCmGVVhMTRfWDeEruAfDI9X10cu3yzd1Zr5irr+
fgyhDk9l33IFZRY+xg1/rSnHkhE373hluGl+otNO0kzZf/J45XRovVVqcbrhblQZ
nc/P/9YS9HHdjMa9FiIl1SSaq172qlIsZxzqjTdc2LYp4FH/N41ZpHBwmZ1cA/Ee
0GBOvRZ8zhvRFxWHYRKeqkNBxnoj58N41jtb6OXJeNFzfcwvsTAAgqr62skwIPgH
0iDFkOlZ/ZmwdwzbzmhiwbzxfD3+pFUv9glZf20tQvvRK/OUbia8Om+8Yc/qykew
p/ilc83ztLlRrbx4+EncFeyrhXHBw9JlXbAAv3UXYqM9p74sZ1Dzi0do0G+GARsl
q0XgOxaLk29Gj7YSqczqbh6Cg1Nqbb9rCi2tjl6sN/g0TLiULxNhhj7inze9U4pb
oEMIshsmGCSJ1uH8yQOkZdVkjEHNfr2428g3choTH+APVdWe8Yo3D0KAHCwDUzPk
lYHcxzuok0F+7kfSLE+bXeRGeLEhCYMX0AWXYAoq8g4WK+aSSgJ9Xnh0ibvBA+Ij
CxUk2LKPCCk/hNjhDaWyZw/3TQj/8fuKZF5NSc7iigqQ9KkN5ao=
=aGei
-----END PGP SIGNATURE-----