inetutils (2:1.9.4-12)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://git.hadrons.org/git/debian/pkgs/inetutils.git
-
- Branch: master
- Path: debian/changelog
- Browser: https://git.hadrons.org/cgit/debian/pkgs/inetutils.git
- Last scan: 2020-06-06 09:14:04+00
- Next scan: 2020-06-07 11:14:00+00
- Debian changelog in Git:
inetutils (2:1.9.4-12) unstable; urgency=medium
* Switch to Standards-Version 4.5.0 (no changes needed).
* Remove patches from upstream:
- tftpd: Restore logging while chrooted. (We do not ship tftpd.)
* Add patches from upstream:
- Change header inclusion for ifconfig on GNU/Linux, to support musl.
- telnetd: More work on CVE-2019-0053.
- Various compiler warnings fixes.
- telnet: Various off-by-one checks.
- ftp: Fix buffer overflows.
- ping, ping6: Fix memory leaks.
* Add patch from Red Hat / Fedora:
- Fix arbitrary remote code execution in telnetd via short writes or
urgent data. Fixes CVE-2020-10188. Closes: #956084
Thanks to Michal Ruprich <michalruprich@gmail.com>.
Note: While the PoC exploit does not work on inetutils due to the
different codebases, the adapted patch was close enough to apply almost
directly, even though the information leak might appear to still remain.
* Document inetutils-inetd IPv6 support in man page, and modify the
default template inetd.conf to use udp6 and tcp6. Closes: #804766
* Minor wording fixes to default templated inetd.conf.
* Remove long obsolete netkit-inetd Provides and Conflicts from
inetutils-inetd.
* Document that inetutils-inetd -p option without a filename disables
writing a pidfile. Closes: #951680
* Disable building tftp and tftpd, which we are not shipping, and are
causing test suite failures on kfreebsd-amd64.
-- Guillem Jover <guillem@debian.org> Tue, 14 Apr 2020 04:08:13 +0200
- This branch is even with tag 1.9.4-12
