Hi, [Not a conclusive answer]
On Sun, Feb 07, 2021 at 06:49:25PM +0100, Chris Hofstaedtler wrote: > 2) possibly unpatched exploit here: https://www.exploit-db.com/exploits/48170 JFTR, this one was CVE-2020-10188 and in Debian was fixed in earlier times. Replacing telnetd package with an empy package and depending on inetutils-telnetd: is it possible to basically interchangably replace those two? If so this might be an option but I'm not sure if at this stage of the preparations for bullseye it might be too late. > 1) open bug #974428, causes telnetd to crash, remotely triggerable The first issue, if there a verified patch might be good to fix in time for bullseye. Regards, Salvatore
