Back to inetutils PTS page

Accepted inetutils 2:1.9.4-7+deb10u2 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted inetutils 2:1.9.4-7+deb10u2 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 25 Nov 2022 01:00:19 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: inetutils_1.9.4-7+deb10u2_source.changes
Debian-source: inetutils
Debian-suite: oldstable
Debian-version: 2:1.9.4-7+deb10u2
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=XodE7PK5ZnRIkgyNX5ARJTHLrBmN/9UkZLMCb5qzwgM=; b=Sh42p7UsuAuQAYcBxVWcP8XLyO i1hUNxIPx/gktvJbIHMIdpq7k8KhMG5fRh9u6sHDLhL9X3qjdcHkMnroMtqVRD5qu7Mbc0QYlS3dd xmrduHD/dL8FBVvuB9tY0/VQB3knmixiiRExaXgMJfjQYrL5Bgh0MJmCmPae9YQCoMnlsAuV7EUjA GOLxP73AxXZhmM1aFdtBCV9HpmrtlsYrF2ezXqZLCSkGIET7oJneY5RJAx9DQsPXbyEGMl12+S2jk C3w40SbFoJrLiO1hOzGbWAZzT4WeVkfCizBEJ2D7TDaPa5Njaii6aW8aKhYRfhnFhEn6+8Nl2wphr eDLWExCg==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1oyN4l-00Einz-1C@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 25 Nov 2022 00:45:09 +0100
Source: inetutils
Architecture: source
Version: 2:1.9.4-7+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 945861 956084 993476
Changes:
 inetutils (2:1.9.4-7+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Cherry-pick patches from s-p-u to fix:
     + CVE-2019-0053: inetutils' telnet client doesn't sufficiently validate
       environment variables, which can lead to stack-based buffer overflows.
       Closes: #945861.
     + CVE-2021-40491: inetutils' ftp client before 2.2 does not validate
       addresses returned by PSV/LSPV responses to make sure they match the
       server address.  An evil ftpd can use this flaw to access services in
       the client's private network.  This is similar to curl's CVE-2020-8284.
       Closes: #993476.
     + CVE-2022-39028: inetutils's telnetd through 2.3 has a NULL pointer
       dereference which a client can trigger by sending 0xff 0xf7 or 0xff
       0xf8.  Closes: #956084.
   * Add d/gbp.conf to point to 'debian/buster' branch.
   * Add d/salsa-ci.yml.
Checksums-Sha1:
 d88026c81d01b40d51094d17c2fc87de8b4e68cc 2739 inetutils_1.9.4-7+deb10u2.dsc
 8dc4e66e80678fe86717d486e470b395258c2fd5 98576 inetutils_1.9.4-7+deb10u2.debian.tar.xz
 65e9c78ef82ce9429165c0bb4d58bca91aa33eba 13239 inetutils_1.9.4-7+deb10u2_amd64.buildinfo
Checksums-Sha256:
 e1f6f63ae981dbdf239a51995cf0e045fd6ebb630dc7d4274e26945dd15c3ce2 2739 inetutils_1.9.4-7+deb10u2.dsc
 005490d899975de4c73b506b535f36b6fab692da1c919ebd5b6f33ca4880c97b 98576 inetutils_1.9.4-7+deb10u2.debian.tar.xz
 0ba7fb609affb08d7d87879590f4ed6142cf0cf37ce774fe0d6940c38ad8931c 13239 inetutils_1.9.4-7+deb10u2_amd64.buildinfo
Files:
 5f71e2117dff69fa614a353144416b5d 2739 net optional inetutils_1.9.4-7+deb10u2.dsc
 e564a267e1bc3625a14670524b6b457f 98576 net optional inetutils_1.9.4-7+deb10u2.debian.tar.xz
 eb259e2b837703a624c419c187c5015e 13239 net optional inetutils_1.9.4-7+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmOAAyYACgkQ05pJnDwh
pVIIBxAAj/uu/8i712d0+3GOxjMaDU5o96Z1p8WWEFvKq9fvlsrAZOAdSGYjNCih
Bat+d938OPa1H1RMosYjC/kPwRglgAVpE22p/3LMnrulO2mAv3psnoU9aSrGh0tU
xwN+3Tkjl8/VC9Cl1oYDLJNKfkOvtgqrqLInxvlU1Tx1xNqehpgWhIZobPHgBDOT
CxCWjuUHAdQlNnI5H5qBb8wa9zNh2MWXfRrjdEY3WjCFqN8fmxTFYfQ0Z4pIqNlM
tdz/3+Qmkm2s3IvkujDZyifFFDNu7GGpy4XK+PXyKAgj5Me3aFG+yhg2LB7ioB+p
XtzcnkXzpDoliGJsfKrVA2u2X+sd3oID/f/iYXwmt4eUMJ+PoQLGmErKG5aSsYst
I6V+LrFmYTXLE/uSOjSURpo2yXTzHMXPJIYf1aUVf8X0vlnOorkLUXxBOTew7C6M
R+8g5AUSCLXtFmLHYgYp0/AgYnkUv/ON6vxvSEpYb2JyfQvXaSRlfCYzaBpiaoWF
XHW7G2wSQv1IZYvYKyk9MawEDwCPhU2Hfs+9LYbwM1O3crWHK+ERwrc3oLVsCcgc
DT+/jjLA0zAJtWaXwJzvmTkZrue7e5Ej4dxeL19DFzVjhmJy8npznIRuIAS1E51C
dGtMvPV9Pj4gNoOVXr6KNBg4Vv71N+rKvZ6JgE3GnsKRcdrg+ec=
=A4wv
-----END PGP SIGNATURE-----