Register | Log in

netkit-rsh

Choose email to subscribe with

general

source: netkit-rsh (main)
version: 0.17-20
maintainer: Alberto Gonzalez Iniesta [DMD]
arch: any
std-ver: 4.2.1
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.17-15
oldstable: 0.17-17
stable: 0.17-20
testing: 0.17-20
unstable: 0.17-20

versioned links

0.17-15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.17-17: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.17-20: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

rsh-client (2 bugs: 0, 1, 1, 0)
rsh-server (1 bugs: 0, 1, 0, 0)

action needed

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-07-19 09:19

lintian reports 16 warnings normal

Lintian reports 16 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-11 Last update: 2019-07-11 08:08

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2019-7282: In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
CVE-2019-7283: An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

Please fix them.

Created: 2019-01-31 Last update: 2019-07-07 09:01

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2019-7282: In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
CVE-2019-7283: An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

Please fix them.

Created: 2019-01-31 Last update: 2019-07-07 09:01

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2018-12-24 17:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.2.1).

Created: 2016-09-05 Last update: 2019-07-08 20:08

news

[2019-02-05] netkit-rsh 0.17-20 MIGRATED to testing (Debian testing watch)
[2019-01-30] Accepted netkit-rsh 0.17-20 (source amd64) into unstable (Alberto Gonzalez Iniesta)
[2018-12-29] netkit-rsh 0.17-19 MIGRATED to testing (Debian testing watch)
[2018-12-24] Accepted netkit-rsh 0.17-19 (source amd64) into unstable (Alberto Gonzalez Iniesta)
[2018-03-16] netkit-rsh 0.17-18 MIGRATED to testing (Debian testing watch)
[2018-03-10] Accepted netkit-rsh 0.17-18 (source amd64) into unstable (Alberto Gonzalez Iniesta)
[2016-11-02] netkit-rsh 0.17-17 MIGRATED to testing (Debian testing watch)
[2016-10-27] Accepted netkit-rsh 0.17-17 (source amd64) into unstable (Alberto Gonzalez Iniesta)
[2016-09-10] netkit-rsh 0.17-16 MIGRATED to testing (Debian testing watch)
[2016-09-04] Accepted netkit-rsh 0.17-16 (source amd64) into unstable (Alberto Gonzalez Iniesta)
[2010-06-30] netkit-rsh 0.17-15 MIGRATED to testing (Debian testing watch)
[2010-06-19] Accepted netkit-rsh 0.17-15 (source i386) (Alberto Gonzalez Iniesta)
[2007-08-27] netkit-rsh 0.17-14 MIGRATED to testing (Debian testing watch)
[2007-08-16] Accepted netkit-rsh 0.17-14 (source i386) (Alberto Gonzalez Iniesta)
[2004-11-08] Accepted netkit-rsh 0.17-13 (i386 source) (Alberto Gonzalez Iniesta)
[2004-05-19] Accepted netkit-rsh 0.17-12 (i386 source) (Alberto Gonzalez Iniesta)
[2003-11-19] Accepted netkit-rsh 0.17-11 (i386 source) (Herbert Xu)
[2003-09-19] Accepted netkit-rsh 0.17-10 (i386 source) (Herbert Xu)
[2003-09-13] Accepted netkit-rsh 0.17-9 (i386 source) (Herbert Xu)
[2003-07-19] Accepted netkit-rsh 0.17-8 (i386 source) (Herbert Xu)
[2002-11-17] Accepted netkit-rsh 0.17-7 (i386 source) (Herbert Xu)
[2001-11-14] Installed netkit-rsh 0.17-6 (i386 source) (Herbert Xu)
[2001-06-26] Installed netkit-rsh 0.17-5 (i386 source) (Herbert Xu)
[2001-04-29] Installed netkit-rsh 0.17-4 (i386 source) (Herbert Xu)
[2001-02-11] Installed netkit-rsh 0.17-3 (i386 source) (Herbert Xu)
[2001-01-28] Installed netkit-rsh 0.17-2 (i386 source) (Herbert Xu)
[2000-12-20] Installed netkit-rsh 0.17-1 (i386 source) (Herbert Xu)
[2000-04-09] Installed netkit-rsh 0.16.1-1 (source i386) (Herbert Xu)
[2000-02-02] Installed netkit-rsh 0.10-7 (source i386) (Herbert Xu)
[1999-11-12] Installed netkit-rsh 0.10-6 (source i386) (Herbert Xu)

1
2

bugs [bug history graph]

all: 5
RC: 0
I&N: 3
M&W: 2
F&P: 0
patch: 1

links

lintian (0, 16)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.17-18
2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing