Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package krb5-appl for openSUSE:Factory checked in at 2026-04-29 19:20:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5-appl (Old) and /work/SRC/openSUSE:Factory/.krb5-appl.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5-appl" Wed Apr 29 19:20:40 2026 rev:6 rq:1350003 version:1.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/krb5-appl/krb5-appl.changes 2026-03-17 19:07:25.579954138 +0100 +++ /work/SRC/openSUSE:Factory/.krb5-appl.new.30200/krb5-appl.changes 2026-04-29 19:22:21.440171583 +0200 @@ -1,0 +2,7 @@ +Tue Mar 17 09:35:15 UTC 2026 - Petr Gajdos <[email protected]> + +- added patches + CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE (bsc#1259691) + * krb5-appl-CVE-2026-32746.patch + +------------------------------------------------------------------- New: ---- krb5-appl-CVE-2026-32746.patch ----------(New B)---------- New: CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE (bsc#1259691) * krb5-appl-CVE-2026-32746.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-appl.spec ++++++ --- /var/tmp/diff_new_pack.ehUToP/_old 2026-04-29 19:22:22.176201709 +0200 +++ /var/tmp/diff_new_pack.ehUToP/_new 2026-04-29 19:22:22.180201873 +0200 @@ -1,6 +1,7 @@ # # spec file for package krb5-appl # +# Copyright (c) 2026 SUSE LLC # Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties @@ -42,6 +43,8 @@ Patch5: krb5-appl-fix-build.patch # build with gcc14 Patch6: krb5-appl-gcc14.patch +# CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE (bsc#1259691) +Patch7: krb5-appl-CVE-2026-32746.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -90,6 +93,7 @@ %patch -P 4 -p1 %patch -P 5 -p1 %patch -P 6 -p1 +%patch -P 7 -p1 %build ./autogen.sh ++++++ krb5-appl-CVE-2026-32746.patch ++++++ Index: krb5-appl-1.0.3/telnet/telnetd/slc.c =================================================================== --- krb5-appl-1.0.3.orig/telnet/telnetd/slc.c +++ krb5-appl-1.0.3/telnet/telnetd/slc.c @@ -128,6 +128,9 @@ add_slc(func, flag, val) register char func, flag; register cc_t val; { + /* Do nothing if the entire triplet cannot fit in the buffer. */ + if (slcbuf + sizeof slcbuf - slcptr <= 6) + return; if ((*slcptr++ = (unsigned char)func) == 0xff) *slcptr++ = 0xff;
