Control: tag 956084 pending

Hi!

Bug #956084 in package inetutils reported by you has been fixed in
the debian/pkgs/inetutils.git Git repository. You can see the changelog below,
and you can check the diff of the fix at:

    https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/diff/?id=68fc483

---
commit 68fc483c130c34dc8edde4374151e0353ddde4e1
Author: Guillem Jover <guil...@debian.org>
Date:   Mon Apr 13 18:13:37 2020 +0200

    Update patches
    
    * Remove patches from upstream:
      - tftpd: Restore logging while chrooted. (We do not ship tftpd.)
    * Add patches from upstream:
      - Change header inclusion for ifconfig on GNU/Linux, to support musl.
      - telnetd: More work on CVE-2019-0053.
      - Various compiler warnings fixes.
      - telnet: Various off-by-one checks.
      - ftp: Fix buffer overflows.
      - ping, ping6: Fix memory leaks.
    * Add patch from Red Hat / Fedora:
      - Fix arbitrary remote code execution in telnetd via short writes or
        urgent data. Fixes CVE-2020-10188. Closes: #956084
        Thanks to Michal Ruprich <michalrupr...@gmail.com>.
        Note: While the PoC exploit does not work on inetutils due to the
        different codebases, the adapted patch was close enough to apply almost
        directly, even though the information leak might appear to still remain.

diff --git a/debian/changelog b/debian/changelog
index 35f28ef..85c223f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,22 @@
 inetutils (2:1.9.4-12) UNRELEASED; urgency=medium
 
   * Switch to Standards-Version 4.5.0 (no changes needed).
+  * Remove patches from upstream:
+    - tftpd: Restore logging while chrooted. (We do not ship tftpd.)
+  * Add patches from upstream:
+    - Change header inclusion for ifconfig on GNU/Linux, to support musl.
+    - telnetd: More work on CVE-2019-0053.
+    - Various compiler warnings fixes.
+    - telnet: Various off-by-one checks.
+    - ftp: Fix buffer overflows.
+    - ping, ping6: Fix memory leaks.
+  * Add patch from Red Hat / Fedora:
+    - Fix arbitrary remote code execution in telnetd via short writes or
+      urgent data. Fixes CVE-2020-10188. Closes: #956084
+      Thanks to Michal Ruprich <michalrupr...@gmail.com>.
+      Note: While the PoC exploit does not work on inetutils due to the
+      different codebases, the adapted patch was close enough to apply almost
+      directly, even though the information leak might appear to still remain.
 
  -- Guillem Jover <guil...@debian.org>  Sun, 26 Jan 2020 19:56:56 +0100
 
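Review bot: the entry header kept as context still reads urgency=medium, while the added lines record a fix for arbitrary remote code execution in telnetd (CVE-2020-10188); consider raising the urgency to high before upload so the fix reaches users promptly. The closing Note, "the information leak might appear to still remain", leaves the residual state unclear: say whether the leak was checked against the inetutils code and is believed to remain, or is simply unverified, so that anyone triaging the CVE later knows if follow-up is needed. Likewise, "telnetd: More work on CVE-2019-0053" does not say whether that CVE is now fully addressed.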
