Register | Log in

inetutils

Choose email to subscribe with

general

source: inetutils (main)
version: 2:2.7-4
maintainer: Guillem Jover (DMD)
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2:2.0-1+deb11u2
o-o-sec: 2:2.0-1+deb11u3
oldstable: 2:2.4-2+deb12u1
old-sec: 2:2.4-2+deb12u2
old-p-u: 2:2.4-2+deb12u2
stable: 2:2.6-3+deb13u2
stable-sec: 2:2.6-3+deb13u2
testing: 2:2.7-3
unstable: 2:2.7-4

versioned links

2:2.0-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:2.0-1+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:2.4-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:2.4-2+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:2.6-3+deb13u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:2.7-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:2.7-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

inetutils-ftp
inetutils-ftpd
inetutils-inetd
inetutils-ping (2 bugs: 0, 0, 2, 0)
inetutils-syslogd (3 bugs: 0, 3, 0, 0)
inetutils-talk
inetutils-talkd (1 bugs: 0, 1, 0, 0)
inetutils-telnet (2 bugs: 0, 0, 2, 0)
inetutils-telnetd (1 bugs: 0, 0, 1, 0)
inetutils-tools
inetutils-traceroute
telnet
telnetd

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2026-32746: telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVE-2026-32772: telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Created: 2026-03-14 Last update: 2026-03-16 17:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-32772: telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Created: 2026-03-14 Last update: 2026-03-16 17:00

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2026-32746: telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVE-2026-32772: telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Created: 2026-03-14 Last update: 2026-03-16 17:00

3 security issues in bullseye high

There are 3 open security issues in bullseye.

2 important issues:

CVE-2026-32746: telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVE-2026-32772: telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

1 ignored issue:

CVE-2026-28372: telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Created: 2026-03-14 Last update: 2026-03-16 17:00

3 security issues in bookworm high

There are 3 open security issues in bookworm.

2 important issues:

CVE-2026-32746: telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVE-2026-32772: telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

1 ignored issue:

CVE-2026-28372: telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Created: 2026-02-16 Last update: 2026-03-16 17:00

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-03-17 21:00

testing migrations

excuses:
- Migration status for inetutils (2:2.7-3 to 2:2.7-4): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for backuppc/4.4.0-11: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for coturn/4.6.1-2: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for fai/6.5.6: amd64: Pass, arm64: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻, ppc64el: Test triggered, riscv64: No tests, superficial or marked flaky ♻, s390x: Test triggered
- ∙ ∙ Autopkgtest for fence-agents/4.17.0-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for fwlogwatch/1.4-6: amd64: No tests, superficial or marked flaky ♻ (reference ♻), arm64: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), ppc64el: Test triggered, riscv64: No tests, superficial or marked flaky ♻, s390x: Test triggered
- ∙ ∙ Autopkgtest for gpsd/3.27.5-0.1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for heartbeat/1:3.0.6-18: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for inetutils/2:2.7-4: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for lava/2026.01-5: amd64: Pass, arm64: Pass, i386: Failed (not a regression) ♻ (reference ♻), ppc64el: Test triggered (will not be considered a regression) ♻ (reference ♻), riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for libnet-traceroute-perl/1.15-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for ngircd/27-2: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for popa3d/1.0.3-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for prometheus-postfix-exporter/0.19.0-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for rancid/3.14-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for reform-tools/1.85-1: amd64: No tests, superficial or marked flaky ♻ (reference ♻), arm64: Pass, i386: No tests, superficial or marked flaky ♻, ppc64el: Test triggered, riscv64: No tests, superficial or marked flaky ♻, s390x: Test triggered
- ∙ ∙ Autopkgtest for remctl/3.18-5: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, riscv64: Pass, s390x: Test triggered
- Additional info (not blocking):
- ∙ ∙ Updating inetutils will fix bugs in testing: #1130742
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/i/inetutils.html
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproducibility check waiting for results on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproducibility check waiting for results on i386
- ∙ ∙ Reproducibility check waiting for results on ppc64el
- ∙ ∙ 2 days old (needed 2 days)
- Not considered

news

[2026-03-16] Accepted inetutils 2:2.7-4 (source) into unstable (Guillem Jover)
[2026-02-20] inetutils 2:2.7-3 MIGRATED to testing (Debian testing watch)
[2026-02-19] Accepted inetutils 2:2.6-3+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Guillem Jover)
[2026-02-19] Accepted inetutils 2:2.6-3+deb13u2 (source) into stable-security (Debian FTP Masters) (signed by: Guillem Jover)
[2026-02-16] Accepted inetutils 2:2.7-3 (source) into unstable (Guillem Jover)
[2026-01-24] Accepted inetutils 2:2.0-1+deb11u3 (source) into oldoldstable-security (Andreas Henriksson)
[2026-01-24] Accepted inetutils 2:2.4-2+deb12u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Guillem Jover)
[2026-01-24] Accepted inetutils 2:2.6-3+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Guillem Jover)
[2026-01-24] inetutils 2:2.7-2 MIGRATED to testing (Debian testing watch)
[2026-01-22] Accepted inetutils 2:2.4-2+deb12u2 (source) into oldstable-security (Debian FTP Masters) (signed by: Guillem Jover)
[2026-01-22] Accepted inetutils 2:2.6-3+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Guillem Jover)
[2026-01-20] Accepted inetutils 2:2.7-2 (source) into unstable (Guillem Jover)
[2025-12-19] inetutils 2:2.7-1 MIGRATED to testing (Debian testing watch)
[2025-12-17] Accepted inetutils 2:2.7-1 (source) into unstable (Guillem Jover)
[2025-08-16] inetutils 2:2.6-4 MIGRATED to testing (Debian testing watch)
[2025-08-10] Accepted inetutils 2:2.6-4 (source) into unstable (Guillem Jover)
[2025-07-04] inetutils 2:2.6-3 MIGRATED to testing (Debian testing watch)
[2025-06-22] Accepted inetutils 2:2.6-3 (source) into unstable (Guillem Jover)
[2025-06-20] Accepted inetutils 2:2.6-2 (source) into unstable (Guillem Jover)
[2025-02-25] inetutils 2:2.6-1 MIGRATED to testing (Debian testing watch)
[2025-02-22] Accepted inetutils 2:2.6-1 (source) into unstable (Guillem Jover)
[2025-02-20] inetutils 2:2.5-6 MIGRATED to testing (Debian testing watch)
[2025-02-18] Accepted inetutils 2:2.5-6 (source) into unstable (Guillem Jover)
[2024-06-26] inetutils 2:2.5-5 MIGRATED to testing (Debian testing watch)
[2024-06-23] Accepted inetutils 2:2.5-5 (source) into unstable (Guillem Jover)
[2024-05-09] inetutils 2:2.5-4 MIGRATED to testing (Debian testing watch)
[2024-05-02] Accepted inetutils 2:2.5-4 (source) into unstable (Guillem Jover)
[2024-01-18] inetutils 2:2.5-3 MIGRATED to testing (Debian testing watch)
[2024-01-16] Accepted inetutils 2:2.5-3 (source) into unstable (Guillem Jover)
[2024-01-07] Accepted inetutils 2:2.5-2 (source) into experimental (Guillem Jover)

1
2

bugs [bug history graph]

all: 14
RC: 0
I&N: 5
M&W: 9
F&P: 0
patch: 2

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:2.7-2ubuntu1
13 bugs
patches for 2:2.7-2ubuntu1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing