Control: tag 1126047 pending
Hi!
Bug #1126047 that you reported in package inetutils has been fixed
in the debian/pkgs/inetutils.git git repository. You can see the changelog
below,
and you can check the diff of the fix at:
https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/diff/?id=03e0257
---
commit 03e0257a289fb13e915003c0843f429dc1e85f92
Author: Guillem Jover <[email protected]>
Date: Tue Jan 20 15:52:05 2026 +0100
Fix remote authentication bypass in telnetd
GNU InetUtils Security Advisory:
<https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html>
Fixes: CVE-2026-24061
Closes: #1126047
(cherry picked from commit ee9ac867cf322e2cea1c8e141a0d8184427a9001)
(cherry picked from commit b3a451a2d94f21c5b9930d6c78a66ae59b6e7a41)
diff --git a/debian/changelog b/debian/changelog
index 1a686fa..5ccd639 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+inetutils (2:2.6-3+deb12u1) UNRELEASED; urgency=high
+
+ * Fix remote authentication bypass in telnetd.
+ GNU InetUtils Security Advisory:
+ <https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html>
+ Fixes CVE-2026-24061. (Closes: #1126047)
+
+ -- Guillem Jover <[email protected]> Wed, 21 Jan 2026 17:33:26 +0100
+
inetutils (2:2.4-2+deb12u1) bookworm; urgency=medium
* Add patch from upstream to check return values for set*id() functions.
