Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted inetutils 2:2.7-5 (source) into unstable
Date: Tue, 24 Mar 2026 04:04:07 +0000
Signed by: Guillem Jover <guillem@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Mar 2026 04:33:27 +0100
Source: inetutils
Architecture: source
Version: 2:2.7-5
Distribution: unstable
Urgency: medium
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 1127398 1130741
Changes:
 inetutils (2:2.7-5) unstable; urgency=medium
 .
   * Adapt netkit-telnet patch to not leak unexported environment variables to
     telnetd. Reported by Justin Swartz <justin.swartz@risingedge.co.za>.
     Fixes CVE-2026-32772. (Closes: #1130741)
   * Prevent user local privilege escalation using --debug, which was
     susceptible to symlink attacks, or leaking on-wire credentials to a
     user that had pre-created the file and kept it open. Fix by switching
     from /tmp/telnet.debug to /run/telnet/debug.<pid>, and making the
     setup error checks fatal.
     Partially reported by Justin Swartz <justin.swartz@risingedge.co.za>.
   * Update local telnetd man page to match new --debug behavior.
   * Fix typo in AUTHORS file. (Closes: #1127398)
Checksums-Sha1:
 c0a7a78da9d8a787ecebdd062620894cca725d2b 3247 inetutils_2.7-5.dsc
 1a9be9df4a9ecb17574f9a5994231932aed02aac 87440 inetutils_2.7-5.debian.tar.xz
 7313ac71621ec568eda8132efd76c3ff1cc9dde9 13065 inetutils_2.7-5_amd64.buildinfo
Checksums-Sha256:
 b3f447845cc638d5dfd555f9c49c935aa3ba419607bb40a1f6de2b1ce4f9c532 3247 inetutils_2.7-5.dsc
 ba0cd00a880ce6257a66a51df2b6155242e8f76d83dd33780ce7b2708cc760bc 87440 inetutils_2.7-5.debian.tar.xz
 66251c1dedcacbeaae24aedff0a042782d206f29e7a2cfdc5a08ec8b22a0fc2b 13065 inetutils_2.7-5_amd64.buildinfo
Files:
 674f34ebf6bccbba31fc657ca24debd5 3247 net optional inetutils_2.7-5.dsc
 7d4fa5fa8906bdf1abb75662a669d9af 87440 net optional inetutils_2.7-5.debian.tar.xz
 b9ecbe6ea658f07a7665c4d550caff19 13065 net optional inetutils_2.7-5_amd64.buildinfo


-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJpwgndCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmdsC8nhrhEUlar8qv1OkPa7cVIhNFieQD2wu2c0mZLB
HRYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAALohAA0aDyfWDZk927O2aNCcJpHoNz
BoNn0C+jiHROcMIJNfzevZ2IPFHgn9Uv6McvDyK5AlWmzEstNMSnorbMy7zttqy9
pXOQBrDx6UtnSi/kYV31hz6C08OuASw7KD6+iQkGzsnEOTd6xyWAtwszdsrabS7u
N7GZypvrHJsbwKhO3uO6boS1g1eKFVZtKUjZ+PnnK9w9vJC55WzMEr1B72HlkQQ6
rq7SEku/Ujsyi6yDQKbytwqfckz36++koMtTQr/6WeTqx40288EDQsKnHw7Vpmjd
u2Bbil4af42rBB+6y4dTFy7BBLhhZz12ep24czn2YJvhgQdsESov3q1PCTA4f3qr
BEvzomY8hkKvF8GuudAhQbetbjX8fnOTLjAIv5IeHf2C5m0hFeSXfJskqqYSPMT7
O//vA6vJSQPcFZ6cVYcMaUolY4HSiBe74FtRQ8I+cWIWc7snvhIB0Ypd8XOt2ga3
qmzV4ZUJHJ8Xv42wS1IrZvAwAfyjt4Zcf3HOsGlzXUd+r7mgDuMv9ad+WkgJBLs5
XlymvNykY9rP51qCypRyvkuIV45laJU/KESacXUuJMjyB+GTRI4EPuvLGWaBWN4J
l1tZ3HAmHNQvDKT4mi96NcXudFQyfz2Xal92cwCGxUzUSXylGxt0uRPokSQbZgl/
uy3vDlZxYDrb+L6OHAs=
=C7gD
-----END PGP SIGNATURE-----
News for package inetutils
