Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted inetutils 2:2.0-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Sat, 03 Sep 2022 12:49:09 +0000
Signed by: Guillem Jover <guillem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Aug 2022 13:34:41 +0200
Source: inetutils
Architecture: source
Version: 2:2.0-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 945861 993476
Changes:
 inetutils (2:2.0-1+deb11u1) bullseye; urgency=medium
 .
   * telnet: Add checks for option reply parsing limits causing buffer
     overflow induced crashes due to long option values.
     Fixes CVE-2019-0053. Closes: #945861
   * Add patch from upstream to fix infinite loop causing a stack exhaustion
     induced crash in telnet client due to malicious server commands.
     Closes: #945861
   * Fix inetutils-ftp security bug trusting FTP PASV responses.
     Fixes CVE-2021-40491. Closes: #993476
   * Fix remote DoS vulnerability in inetutils-telnetd, caused by a crash by
     a NULL pointer dereference when sending the byte sequences «0xff 0xf7»
     or «0xff 0xf8». Found by Pierre Kim and Alexandre Torres. Patch
     adapted by Erik Auerswald <auerswal@unix-ag.uni-kl.de>.
     Fixes CVE-2022-39028.
Checksums-Sha1:
 4b7400eadb5dfc8206fec4fb1f053e36443c0d68 3088 inetutils_2.0-1+deb11u1.dsc
 1d0eec62990382874ab327ba284bd04aa59c9139 77092 inetutils_2.0-1+deb11u1.debian.tar.xz
 e924646dcfcd6efb1fadc38fa26a7b7f144bf07d 13131 inetutils_2.0-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 4986475b8b8073984c91b8c8e5fe387e2e7ed9f8af285410e926acc9ee068f0c 3088 inetutils_2.0-1+deb11u1.dsc
 9672be3cff46a4de5efec6571a95b28a9510e3187e740ddf25369dfcecc0201e 77092 inetutils_2.0-1+deb11u1.debian.tar.xz
 b5fe78aa7b52adece106f92ab65542704c4de8254f1118b2086d825262e3ca16 13131 inetutils_2.0-1+deb11u1_amd64.buildinfo
Files:
 2655721a7c5b0f6b479415cbef7c8f16 3088 net optional inetutils_2.0-1+deb11u1.dsc
 acae8d28e9edff839c9671549cc1ce02 77092 net optional inetutils_2.0-1+deb11u1.debian.tar.xz
 0ed0ed2b3d8683c7b4b3a63e7a60d641 13131 net optional inetutils_2.0-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAmMSZtYACgkQuXK/PqSu
V6MFBRAAyOd1aO4+EBZfKZXP88G8G1VqUtN4QZVSpWr4Rn1He2JBGozgxkMPivJK
In30AN2wqr+EsURW3ir3gKHNfhCmGVVhMTRfWDeEruAfDI9X10cu3yzd1Zr5irr+
fgyhDk9l33IFZRY+xg1/rSnHkhE373hluGl+otNO0kzZf/J45XRovVVqcbrhblQZ
nc/P/9YS9HHdjMa9FiIl1SSaq172qlIsZxzqjTdc2LYp4FH/N41ZpHBwmZ1cA/Ee
0GBOvRZ8zhvRFxWHYRKeqkNBxnoj58N41jtb6OXJeNFzfcwvsTAAgqr62skwIPgH
0iDFkOlZ/ZmwdwzbzmhiwbzxfD3+pFUv9glZf20tQvvRK/OUbia8Om+8Yc/qykew
p/ilc83ztLlRrbx4+EncFeyrhXHBw9JlXbAAv3UXYqM9p74sZ1Dzi0do0G+GARsl
q0XgOxaLk29Gj7YSqczqbh6Cg1Nqbb9rCi2tjl6sN/g0TLiULxNhhj7inze9U4pb
oEMIshsmGCSJ1uH8yQOkZdVkjEHNfr2428g3choTH+APVdWe8Yo3D0KAHCwDUzPk
lYHcxzuok0F+7kfSLE+bXeRGeLEhCYMX0AWXYAoq8g4WK+aSSgJ9Xnh0ibvBA+Ij
CxUk2LKPCCk/hNjhDaWyZw/3TQj/8fuKZF5NSc7iigqQ9KkN5ao=
=aGei
-----END PGP SIGNATURE-----

News for package inetutils