Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted inetutils 2:2.7-4 (source) into unstable
Date: Mon, 16 Mar 2026 09:04:28 +0000
Signed by: Guillem Jover <guillem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Mar 2026 09:22:45 +0100
Source: inetutils
Architecture: source
Version: 2:2.7-4
Distribution: unstable
Urgency: high
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 1130742
Changes:
 inetutils (2:2.7-4) unstable; urgency=high
 .
   * Update patch metadata.
   * Add patches from upstream:
     - Ignore all environment options from clients unless the variable was
       listed in the new --accept-env telnetd option. This mitigates privilege
       escalation using environment variables.
       This is the complete fix for CVE-2026-24061, with its own CVE pending.
     - Fix stack buffer overlflow processing SLC suboption triplets.
       Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg,
       Daniel Lubel at DREAM Security Research Team.
       Fixes CVE-2026-32746. (Closes: #1130742)
Checksums-Sha1:
 9f18d2611b28263912bc54e01bc3fb909f1b32bb 3247 inetutils_2.7-4.dsc
 300713e04243339aa2d262486eca253c5acb23df 84180 inetutils_2.7-4.debian.tar.xz
 458440582fd56f19de88e3b2aac9545ba2ea8bf2 13071 inetutils_2.7-4_amd64.buildinfo
Checksums-Sha256:
 479b567c34c47fc8692fdd5ad71d48577a10b6a67cc76613524715d617141da7 3247 inetutils_2.7-4.dsc
 d3fc70678ab3af255e46b8b46e46673414e3ec14eaef93adea1a434d49d7b990 84180 inetutils_2.7-4.debian.tar.xz
 3e3829c456883fa5ca1fca758ad7fe6f9dc3ea3290103227a180f89e16480b2e 13071 inetutils_2.7-4_amd64.buildinfo
Files:
 fafab05a04416c0b239cfd2632149109 3247 net optional inetutils_2.7-4.dsc
 c2d9847694e397095bb772441f7760ec 84180 net optional inetutils_2.7-4.debian.tar.xz
 90ce864394a56da63b15c07f45a9a1b9 13071 net optional inetutils_2.7-4_amd64.buildinfo


-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJpt8CrCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmekj6Xp6PP/8Vtvkjxvq1h3DW5D72gk0zdjuEIReiFe
uRYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAAE3RAAqkSwN5mpR2CxrHiVYVuDhW8I
Q4tOA8PufKDopfSDzxcoOpzVt0BHnFY6PgG0CPMTwCCtEYi+Tqmm6lJSZi2f1PU1
Hz8DbR3UffKVSb8Q55SIffBA4c97kXxFTpZOc/SnhAENu32IPaR1ILXN8JgfPPs0
W/u+WEgYcwUyHLDuzn5NvjXaYWgslaz7pDhSIh0PkVhDqEa5vYED57APegyNwPsa
qblmi7lX6q9LIAb8NdJHbNBUSi/MyA6jTPEdLw/ZGsv5aXRf/FZbAOTX3H6T8BEd
JYYuPHY/cLAKgoil7jqUzouFFcH90NVzm5nIPOojt3WCRcDw5809SMmtDURU0A/T
HK93HEFOHZiUqzusmO0N9KZX7Non9AlYg+HkyeoKvbEWJ+OMEqEc5hr+r6r0Ii40
X9rSh5Ctb7nGoLeE2fssCQCA1j4FXcZWOfMTfr2LQ1S9jmeGL40aodH/NGwWGWbk
fWuSWioGW7bWmC53OGkVsloIRqNm2sh81DTTm+C+znZePvslSXltZFCfXK4B6Jzu
hgCl9IAINB9sWh4u0KuO5O8u9CAt3dSA07Sb+iSV02NTaHJTGtr0KS4sljOFa+mS
LRDzObBG0FzrAIQ+ENItE3ZuuKltlgyuF/kzWcsKS6AuUsiEYDXgi9T0Q1TPcAAz
4kav++g7PvEn2msM+fg=
=Uqd/
-----END PGP SIGNATURE-----

News for package inetutils