Package: krb5-telnetd
Severity: critical
Tags: security

http://www.debian.org/security/2011/dsa-2375 is still unfixed in sid.
Patch from the DSA attached.

Cheers,
Moritz
diff --git a/telnet/libtelnet/encrypt.c b/telnet/libtelnet/encrypt.c index e99f346..7f00b09 100644 --- a/telnet/libtelnet/encrypt.c +++ b/telnet/libtelnet/encrypt.c @@ -755,6 +755,9 @@ static void encrypt_keyid(kp, keyid, len) int dir = kp->dir; register int ret = 0; + if (len > MAXKEYLEN) + len = MAXKEYLEN; + if (!(ep = (*kp->getcrypt)(*kp->modep))) { if (len == 0) return;
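Review bot: the clamp added at the top of encrypt_keyid() (`if (len > MAXKEYLEN) len = MAXKEYLEN;`) silently truncates an oversized key id instead of rejecting it, so the rest of the function carries on with a shortened keyid that the peer did not send in that form. Consider returning early or logging when len exceeds MAXKEYLEN, or at least add a comment above the check saying that this is the DSA-2375 bound and why truncation is acceptable here. The declaration of len is outside the hunk (the parameter list is K&R style); if it is a signed int, the check bounds only the upper side, so it is worth confirming that no caller can pass a negative length.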