inetutils (2:2.2-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: NULL dereference DoS
    - debian/patches/CVE-2022-39028.patch: fix remote DoS in
      inetutils-telnetd in telnetd/state.c.
    - CVE-2022-39028
  * SECURITY UPDATE: Privilege escalation
    - debian/patches/CVE-2023-40303.patch: check setuid, setguid return
      values in ftpd/ftpd.c, src/rpc.c, src/rlogin.c, src/rsh.c,
      src/rshd.c, src/uucpd.c.
    - CVE-2023-40303

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Tue, 15 Aug 2023 10:13:06 -0300

inetutils (2:2.2-2) unstable; urgency=medium

  * Use «command -v» instead of «which».
  * Switch from /var/run to /run.
  * Switch to declarative alternatives.
  * Add patch from upstream to fix infinite loop causing a stack exhaustion
    induced crash in telnet client due to malicious server commands.
    Closes: #945861

 -- Guillem Jover <guillem@debian.org>  Sun, 05 Sep 2021 04:48:06 +0200

inetutils (2:2.2-1) unstable; urgency=medium

  * New upstream release.
    - Fix inetutils-ftp security bug trusting FTP PASV responses.
      Closes: #993476

 -- Guillem Jover <guillem@debian.org>  Thu, 02 Sep 2021 07:02:33 +0200

inetutils (2:2.1-2) unstable; urgency=medium

  * Allow stderr output on autopkgtests, given that we are running configure
    which tends to output there.

 -- Guillem Jover <guillem@debian.org>  Mon, 30 Aug 2021 05:47:59 +0200

inetutils (2:2.1-1) unstable; urgency=medium

  * New upstream release. Closes: #993144
  * Stop using obsolete autoconf macros, to stop emitting warnings that
    break the autopkgtest. Closes: #993135
  * Reorder debian/control stanzas by relevance.
  * Improve package descriptions, and mention Kerberos support.

 -- Guillem Jover <guillem@debian.org>  Sat, 28 Aug 2021 01:20:36 +0200

inetutils (2:2.0-1) unstable; urgency=medium

  * New upstream release.

 -- Guillem Jover <guillem@debian.org>  Fri, 05 Feb 2021 23:14:20 +0100

inetutils (2:1.9.4.91-1) unstable; urgency=medium

  * New upstream release.
    - Remove patches merged upstream.
    - Switch syslog.conf from a patch to a local file.
    - Rename local logout() function conflicting with system one.
      Closes: #748553
  * Disable building texinfo documentation which we were not shipping anyway.
  * Annotate test suite Build-Depends with <!nocheck>. Closes: #981261
    Thanks to Helmut Grohne <helmut@subdivi.de>.
  * Improve patch descriptions and names.
  * Disable libidn2 linking, IDN support already provided by glibc.
  * Cleanup syslog.conf formatting and comments.

 -- Guillem Jover <guillem@debian.org>  Sat, 30 Jan 2021 01:50:40 +0100

inetutils (2:1.9.4.90-1) unstable; urgency=medium

  * New upstream release.
    - Remove upstream patches, now unneeded.
    - Update debian/upstream/signing-key.asc.
  * Use service(8) instead of invoke-rc.d(8) in inetutils-syslogd logrotate
    script, as the latter is intended to be used only in maintainer scripts.
  * Remove spurious spaces from debian/rules.

 -- Guillem Jover <guillem@debian.org>  Wed, 27 Jan 2021 01:21:38 +0100

inetutils (2:1.9.4-13) unstable; urgency=medium

  * Copy instead of moving local files to the staging directory, to fix
    building twice in a row.
  * Use single and double quotes instead of unbalanced backticks.
  * Rename lintian override tags to their new names.
  * Add patch from upstream:
    - Switch from libidn to libidn2.
  * Switch to debhelper compatibility level 13.
  * Switch to Standards-Version 4.5.1 (no changes needed).

 -- Guillem Jover <guillem@debian.org>  Fri, 25 Dec 2020 13:31:24 +0100

inetutils (2:1.9.4-12) unstable; urgency=medium

  * Switch to Standards-Version 4.5.0 (no changes needed).
  * Remove patches from upstream:
    - tftpd: Restore logging while chrooted. (We do not ship tftpd.)
  * Add patches from upstream:
    - Change header inclusion for ifconfig on GNU/Linux, to support musl.
    - telnetd: More work on CVE-2019-0053.
    - Various compiler warnings fixes.
    - telnet: Various off-by-one checks.
    - ftp: Fix buffer overflows.
    - ping, ping6: Fix memory leaks.
  * Add patch from Red Hat / Fedora:
    - Fix arbitrary remote code execution in telnetd via short writes or
      urgent data. Fixes CVE-2020-10188. Closes: #956084
      Thanks to Michal Ruprich <michalruprich@gmail.com>.
      Note: While the PoC exploit does not work on inetutils due to the
      different codebases, the adapted patch was close enough to apply
      almost directly, even though the information leak might appear to
      still remain.
  * Document inetutils-inetd IPv6 support in man page, and modify the
    default template inetd.conf to use udp6 and tcp6. Closes: #804766
  * Minor wording fixes to default templated inetd.conf.
  * Remove long obsolete netkit-inetd Provides and Conflicts from
    inetutils-inetd.
  * Document that inetutils-inetd -p option without a filename disables
    writing a pidfile. Closes: #951680
  * Disable building tftp and tftpd, which we are not shipping, and are
    causing test suite failures on kfreebsd-amd64.

 -- Guillem Jover <guillem@debian.org>  Tue, 14 Apr 2020 04:08:13 +0200

# For older changelog entries, run 'apt-get changelog inetutils-traceroute'
Generated by dwww version 1.14 on Sun Feb 2 13:30:40 CET 2025.