Package: telnetd
Version: 0.17-41.2
Severity: serious

Hi,

telnetd from netkit appears to have multiple problems, which make me think we shouldn't ship it:

1) open bug #974428, causes telnetd to crash, remotely triggerable
2) possibly unpatched exploit here: https://www.exploit-db.com/exploits/48170
3) no upstream?
4) maintainer in Debian appears to be missing from the action

The first bug has a patch applied, but overall I think we should still not ship it.

Security team, your opinion please?

I'd suggest we replace telnetd with an empty package depending on inetutils-telnetd, or if that's a bad idea, just remove telnetd from the netkit-telnet sources.

I've CCed the inetutils-telnetd maintainer.

Chris

