Your message dated Sun, 20 Sep 2020 21:32:09 +0000
with message-id <e1kk6wl-0008yb...@fasolo.debian.org>
and subject line Bug#956084: fixed in inetutils 2:1.9.4-7+deb10u1
has caused the Debian Bug report #956084,
regarding inetutils-telnetd: CVE-2020-10188
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
956084: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956084
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: inetutils-telnetd
Severity: critical
Tags: security
Justification: root security hole
Looking in https://security-tracker.debian.org/tracker/CVE-2020-10188 :
utility.c in telnetd in netkit telnet through 0.17 allows remote
attackers to execute arbitrary code via short writes or urgent data,
because of a buffer overflow involving the netclear and nextitem
functions.
Seems to me that inetutils contains the same (vulnerable) utility.c
functions. Please check.
Cheers, Paul
Paul Szabo p...@maths.usyd.edu.au www.maths.usyd.edu.au/u/psz
School of Mathematics and Statistics University of Sydney Australia
--- End Message ---
--- Begin Message ---
Source: inetutils
Source-Version: 2:1.9.4-7+deb10u1
Done: =?utf-8?q?Moritz_M=C3=BChlenhoff?= <j...@debian.org>
We believe that the bug you reported is fixed in the latest version of
inetutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 956...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated inetutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 Sep 2020 20:06:42 +0200
Source: inetutils
Binary: inetutils-ftp inetutils-ftp-dbgsym inetutils-ftpd inetutils-ftpd-dbgsym
inetutils-inetd inetutils-inetd-dbgsym inetutils-ping inetutils-ping-dbgsym
inetutils-syslogd inetutils-syslogd-dbgsym inetutils-talk inetutils-talk-dbgsym
inetutils-talkd inetutils-talkd-dbgsym inetutils-telnet inetutils-telnet-dbgsym
inetutils-telnetd inetutils-telnetd-dbgsym inetutils-tools
inetutils-tools-dbgsym inetutils-traceroute inetutils-traceroute-dbgsym
Architecture: source amd64
Version: 2:1.9.4-7+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Guillem Jover <guil...@debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Description:
inetutils-ftp - File Transfer Protocol client
inetutils-ftpd - File Transfer Protocol server
inetutils-inetd - internet super server
inetutils-ping - ICMP echo tool
inetutils-syslogd - system logging daemon
inetutils-talk - talk to another user
inetutils-talkd - remote user communication server
inetutils-telnet - telnet client
inetutils-telnetd - telnet server
inetutils-tools - base networking utilities (experimental package)
inetutils-traceroute - trace the IPv4 route to another host
Closes: 956084
Changes:
inetutils (2:1.9.4-7+deb10u1) buster; urgency=medium
.
* CVE-2020-10188 (Closes: #956084)
Checksums-Sha1:
f549ec0fd8f738d784d7f40860d44403273c695d 2739 inetutils_1.9.4-7+deb10u1.dsc
c4f6c39284000956a6fd0a90a637897dd1b9dd88 96628
inetutils_1.9.4-7+deb10u1.debian.tar.xz
1e6a97b9de7763953df07079088c61ce354c95cd 186224
inetutils-ftp-dbgsym_1.9.4-7+deb10u1_amd64.deb
05fe489666325b390e7527deb9c2d233edd01353 250296
inetutils-ftp_1.9.4-7+deb10u1_amd64.deb
30cac7005a242c499518fb3cadbe1335b77ab265 202860
inetutils-ftpd-dbgsym_1.9.4-7+deb10u1_amd64.deb
0faa416d6f7ede49c74277d4f84162900f9d9ead 247524
inetutils-ftpd_1.9.4-7+deb10u1_amd64.deb
9b060bd0795f2744553ff0247c2796dc3282f006 108552
inetutils-inetd-dbgsym_1.9.4-7+deb10u1_amd64.deb
abf8dc1f4c4edf357e3851e3e0c82f18d9cb40af 220368
inetutils-inetd_1.9.4-7+deb10u1_amd64.deb
2a88b1b1f4ed469f2c7b72ce51edb844c664ff39 209936
inetutils-ping-dbgsym_1.9.4-7+deb10u1_amd64.deb
4a114aabe6ef41e7b7df8bcdeb0f7a413853942e 226336
inetutils-ping_1.9.4-7+deb10u1_amd64.deb
bc8878e075918ee3043c144b6fd293dfb9b94a40 115528
inetutils-syslogd-dbgsym_1.9.4-7+deb10u1_amd64.deb
cc77073a041dcc114b8d7434ccb40779ffe62212 223676
inetutils-syslogd_1.9.4-7+deb10u1_amd64.deb
b3b6bb716b76ef8de08c75b0da80be439e07b00f 103828
inetutils-talk-dbgsym_1.9.4-7+deb10u1_amd64.deb
e40384cc1d92fa8a2c87ee9b6e93e539786b056b 209308
inetutils-talk_1.9.4-7+deb10u1_amd64.deb
8c07b30ee1fb44a6ec407ee65568ef5cbd116987 110892
inetutils-talkd-dbgsym_1.9.4-7+deb10u1_amd64.deb
21a38dad691babc6f30d30bc7836746a8ceee34b 211724
inetutils-talkd_1.9.4-7+deb10u1_amd64.deb
152757b95db1499a73e98b4701a4e076d88457fe 214444
inetutils-telnet-dbgsym_1.9.4-7+deb10u1_amd64.deb
953c81a19795864111208f68e095a2f78be862b6 258448
inetutils-telnet_1.9.4-7+deb10u1_amd64.deb
a5815c8bc3f40834fb7a1915154b28111f2346d4 177384
inetutils-telnetd-dbgsym_1.9.4-7+deb10u1_amd64.deb
280100fad0998318ee95037d6668355f93835f27 242248
inetutils-telnetd_1.9.4-7+deb10u1_amd64.deb
16b6b820f6e3e16a23c7e6215fdc0dbf5605d5ff 365676
inetutils-tools-dbgsym_1.9.4-7+deb10u1_amd64.deb
ad6cd1cec0f62bebb2c77cbbc3a4db4af671e131 239900
inetutils-tools_1.9.4-7+deb10u1_amd64.deb
c96901e50160c34de74c11fb6940ba4ecc248dc0 88356
inetutils-traceroute-dbgsym_1.9.4-7+deb10u1_amd64.deb
2230fb32b665a0fb182ed06fb0c8000cb83efeef 206552
inetutils-traceroute_1.9.4-7+deb10u1_amd64.deb
3be0e367805e41520a87abd18cb3ad3ade786016 12976
inetutils_1.9.4-7+deb10u1_amd64.buildinfo
Checksums-Sha256:
a6557432704c0ebc2b827677e8fb5cade50bedb62ed589e504b1e31ced7ce5f9 2739
inetutils_1.9.4-7+deb10u1.dsc
2f02224653fd763d930e64160f8d637d2b1d3dd31b52cd864541e9c5f2a5391c 96628
inetutils_1.9.4-7+deb10u1.debian.tar.xz
4651aeb79937686880335365ae1257d2a52c91179ec9ade4455d08383b9a483a 186224
inetutils-ftp-dbgsym_1.9.4-7+deb10u1_amd64.deb
7ca10a9b49fc66c9a3acb0ff14807525381884e3e638f668d1e3c862714188ed 250296
inetutils-ftp_1.9.4-7+deb10u1_amd64.deb
c049a9cbfee15cdc7df56848930f679093b3b211d1cf8a18952a80fa81ccae7e 202860
inetutils-ftpd-dbgsym_1.9.4-7+deb10u1_amd64.deb
c64c3e0353ab54c017ca324c7268d3cd13e8a329f93eea6ebadfc657b767bd55 247524
inetutils-ftpd_1.9.4-7+deb10u1_amd64.deb
b14fd8b1e886834d700f7daa2b0a57e54314ae567c7e54e0a5fdce64f6607c5e 108552
inetutils-inetd-dbgsym_1.9.4-7+deb10u1_amd64.deb
992f88598027119f30c0e8dbda1cbee1da19c2463dfa9a1b228fbd9458ae9cbe 220368
inetutils-inetd_1.9.4-7+deb10u1_amd64.deb
ffc0d8fa7cb44a8afb0a25de76311045adb54f10a85eb1279958be6e7650687e 209936
inetutils-ping-dbgsym_1.9.4-7+deb10u1_amd64.deb
2bd91cb6407c395b829e53783dd31f32cae115f81fcba90fdc82d44a259265c2 226336
inetutils-ping_1.9.4-7+deb10u1_amd64.deb
e951726cf737523374d6ec948403cbbf6d5d2f0a549098d80667a3b1e17a517f 115528
inetutils-syslogd-dbgsym_1.9.4-7+deb10u1_amd64.deb
a81af49e7f21c710460c670b7aef8a12c4b1d15201f8e968b9c7bd76861a04e8 223676
inetutils-syslogd_1.9.4-7+deb10u1_amd64.deb
9d8a03e585aa6c8d451fc2e430191a3957e8b1b34b1c2d15bac1542958e2d59c 103828
inetutils-talk-dbgsym_1.9.4-7+deb10u1_amd64.deb
90d7df282329f986de3ed5e2c759d8bcfa7d8b168b6721dec9240facd5fbc50d 209308
inetutils-talk_1.9.4-7+deb10u1_amd64.deb
d1d3d45ed4789135b365ece7573b0bfd70a44b4fc14f1d2477d0c36c4e491b3b 110892
inetutils-talkd-dbgsym_1.9.4-7+deb10u1_amd64.deb
447fd0c26bfd3bc66f906d8a339e16c777034a584113de017e33c3e4a58ef937 211724
inetutils-talkd_1.9.4-7+deb10u1_amd64.deb
3b9199d5cbb9affce7f22a70e90bd2dbcac193133b64f4f3a8a1fb235b10db33 214444
inetutils-telnet-dbgsym_1.9.4-7+deb10u1_amd64.deb
6274966b531567739f2b16e516754860b45f4d01de4d3daa5cd33df3e7ae2160 258448
inetutils-telnet_1.9.4-7+deb10u1_amd64.deb
6186e8caaab6785eb4845f6834a918cece733c415412215dacd3bbd3089e0a5f 177384
inetutils-telnetd-dbgsym_1.9.4-7+deb10u1_amd64.deb
fafc1a522856fa0e1620baa2a83cbcbcb8e6c08348495c8fbbcfaa4772ba2d4f 242248
inetutils-telnetd_1.9.4-7+deb10u1_amd64.deb
cbece70662397e5dd388e6554a56933b7675ac7668a1da433e5786e83ffea556 365676
inetutils-tools-dbgsym_1.9.4-7+deb10u1_amd64.deb
67231ea524a799ac1b6670d41833d3fef5b1ace27782f5a8c2f53d66f3ed228b 239900
inetutils-tools_1.9.4-7+deb10u1_amd64.deb
01222772f46f917bf29638a58511bde69d206ab5492ae2fa926a3ffa17af309c 88356
inetutils-traceroute-dbgsym_1.9.4-7+deb10u1_amd64.deb
1205ac9190aa79c3752472de4f21a12f4a8157a9ba430da7caa5c42efe8daa75 206552
inetutils-traceroute_1.9.4-7+deb10u1_amd64.deb
d0d3a286750720cb12178bfa61660cd9048f92cc561cf509dd28adfc2d8b61cd 12976
inetutils_1.9.4-7+deb10u1_amd64.buildinfo
Files:
d7bbb82312bb5069673668e81a88592c 2739 net optional
inetutils_1.9.4-7+deb10u1.dsc
a8f826cfc11222e1b9f8c02a237549ee 96628 net optional
inetutils_1.9.4-7+deb10u1.debian.tar.xz
22ba5146ac36e727508575649fdbd2b6 186224 debug optional
inetutils-ftp-dbgsym_1.9.4-7+deb10u1_amd64.deb
f3c992bcf0fc3c14c39e85340da4bb90 250296 net optional
inetutils-ftp_1.9.4-7+deb10u1_amd64.deb
5a095201db1711346d3dadcdc4d3ec1e 202860 debug optional
inetutils-ftpd-dbgsym_1.9.4-7+deb10u1_amd64.deb
8f5b816eeeacb39a706f3c0159078f31 247524 net optional
inetutils-ftpd_1.9.4-7+deb10u1_amd64.deb
497cb3f2374c4a549880144af3f6752e 108552 debug optional
inetutils-inetd-dbgsym_1.9.4-7+deb10u1_amd64.deb
84655f1878d654442efb70bec5eac28f 220368 net optional
inetutils-inetd_1.9.4-7+deb10u1_amd64.deb
5d4522656aecbfbda298bfee65382fdd 209936 debug optional
inetutils-ping-dbgsym_1.9.4-7+deb10u1_amd64.deb
d50dfa473b1f52c22e1e95beb9a6d6d7 226336 net optional
inetutils-ping_1.9.4-7+deb10u1_amd64.deb
7850143f543f965b4cf7e6716d60eb68 115528 debug optional
inetutils-syslogd-dbgsym_1.9.4-7+deb10u1_amd64.deb
16b97164d3847edb23de57dd79fb59a7 223676 net optional
inetutils-syslogd_1.9.4-7+deb10u1_amd64.deb
957fbfa99858322c07a5f56d35a958ca 103828 debug optional
inetutils-talk-dbgsym_1.9.4-7+deb10u1_amd64.deb
ff8255f8fc836498363b78f08bd51cce 209308 net optional
inetutils-talk_1.9.4-7+deb10u1_amd64.deb
c244ac78df952c395654d84bda47500b 110892 debug optional
inetutils-talkd-dbgsym_1.9.4-7+deb10u1_amd64.deb
2757deee040fffd7c671c16bb2f582f6 211724 net optional
inetutils-talkd_1.9.4-7+deb10u1_amd64.deb
b52174e29368454b0c2ddae28f0b7dc6 214444 debug optional
inetutils-telnet-dbgsym_1.9.4-7+deb10u1_amd64.deb
e93df7e375561ed20d3b18ac2b6c3594 258448 net optional
inetutils-telnet_1.9.4-7+deb10u1_amd64.deb
0952f0654f626978973b334db3ef89a4 177384 debug optional
inetutils-telnetd-dbgsym_1.9.4-7+deb10u1_amd64.deb
2933e1af870b6e7e73c562e5af2545e0 242248 net optional
inetutils-telnetd_1.9.4-7+deb10u1_amd64.deb
22da18cb6b8a2eaa11270b3fbabfba47 365676 debug optional
inetutils-tools-dbgsym_1.9.4-7+deb10u1_amd64.deb
b684ef96bd0e781fac6802a05ab42503 239900 net optional
inetutils-tools_1.9.4-7+deb10u1_amd64.deb
97ce28d85d9190fb6d332bdc3dc5f836 88356 debug optional
inetutils-traceroute-dbgsym_1.9.4-7+deb10u1_amd64.deb
914a946e0ae4a611be69b4ad73148a8e 206552 net optional
inetutils-traceroute_1.9.4-7+deb10u1_amd64.deb
444cf26bc3bfb3ab376c4e4e58017eb8 12976 net optional
inetutils_1.9.4-7+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9nuh4ACgkQEMKTtsN8
TjZlsRAAj/1/2X+k7lGbM6h+hmelu0OFHsgmlCcXNL0RH5l/BN7nb4omoM/X6lyx
NP7AMduK6npt5sd19lsnd5Yz390XDQIOHHl1nGTHeqSb1R45mGYoa4ht7GOnUGhy
C1kdI20Kw+qnj+uhvhOyn3F0zL2weFulSu3l5r/imncbm272CSRaxlGHwgvC06dm
rP37p6EzmtGXWZfNf+F3hhBiPgjiNEykE6xn3lHx2gz57iy5nx8Wic8NZRf4n1OF
/aY4kOINg64J7gGYggntMOAMBcI9eMtFXfu77wYSIe3b6t7qeF4IL4tq7pzPnEVp
VLzkYQrLc1ISVVkDhXchdy+jX1PKFDyQkwhIbm/++2KpqGl66UzMTQJsi6qh1lab
ZVgBcGSg3Qn0fN8lszQHcChF1Sr1MDRYDhtqLvHZVCVgKzO8wRsXG8U5O+mEimon
3z9tPsXSKHQTMAZIaJldUB8SMjf7BShaTr3C1UN3mWJ0iKJ/hNogvJ9vfW6rC+dx
3QyCufrmWWD5CtlZ9/omLQoH6L+gQ90HjPvPv+AAJFtG6JNDQCxpdV7OO9GWaUCC
/X0KYdHPn15PB7Fxu5vyaG8BtNKWzwi7TUimD89VLfHc+3gmqZq9PJDiRX82fPYD
hgQn1DKKVund3D4MWDdYEOByCBlUlmaCZx/ttRoERnBD9Yho6IQ=
=jot4
-----END PGP SIGNATURE-----
--- End Message ---
