Originally uploaded to debian sid in Primary Archive for Debian GNU/Linux
Changelog
inetutils (2:1.9.4-12) unstable; urgency=medium

  * Switch to Standards-Version 4.5.0 (no changes needed).
  * Remove patches from upstream:
    - tftpd: Restore logging while chrooted. (We do not ship tftpd.)
  * Add patches from upstream:
    - Change header inclusion for ifconfig on GNU/Linux, to support musl.
    - telnetd: More work on CVE-2019-0053.
    - Various compiler warnings fixes.
    - telnet: Various off-by-one checks.
    - ftp: Fix buffer overflows.
    - ping, ping6: Fix memory leaks.
  * Add patch from Red Hat / Fedora:
    - Fix arbitrary remote code execution in telnetd via short writes or
      urgent data. Fixes CVE-2020-10188. Closes: #956084
      Thanks to Michal Ruprich <email address hidden>.
      Note: While the PoC exploit does not work on inetutils due to the
      different codebases, the adapted patch was close enough to apply almost
      directly, even though the information leak might appear to still remain.
  * Document inetutils-inetd IPv6 support in man page, and modify the
    default template inetd.conf to use udp6 and tcp6. Closes: #804766
  * Minor wording fixes to default templated inetd.conf.
  * Remove long obsolete netkit-inetd Provides and Conflicts from
    inetutils-inetd.
  * Document that inetutils-inetd -p option without a filename disables
    writing a pidfile. Closes: #951680
  * Disable building tftp and tftpd, which we are not shipping, and are
    causing test suite failures on kfreebsd-amd64.

 -- Guillem Jover <email address hidden>  Tue, 14 Apr 2020 04:08:13 +0200