-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Mar 2026 16:52:10 +0200
Source: inetutils
Binary: inetutils-ftp inetutils-ftp-dbgsym inetutils-ftpd inetutils-ftpd-dbgsym inetutils-inetd inetutils-inetd-dbgsym inetutils-ping inetutils-ping-dbgsym inetutils-syslogd inetutils-syslogd-dbgsym inetutils-talk inetutils-talk-dbgsym inetutils-talkd inetutils-talkd-dbgsym inetutils-telnet inetutils-telnet-dbgsym inetutils-telnetd inetutils-telnetd-dbgsym inetutils-tools inetutils-tools-dbgsym inetutils-traceroute inetutils-traceroute-dbgsym
Architecture: mipsel
Version: 2:2.4-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04) <buildd_mips64el-mipsel-osuosl-04@buildd.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 inetutils-ftp - File Transfer Protocol client
 inetutils-ftpd - File Transfer Protocol server
 inetutils-inetd - internet super server
 inetutils-ping - ICMP echo tool
 inetutils-syslogd - system logging daemon
 inetutils-talk - talk to another user
 inetutils-talkd - remote user communication server
 inetutils-telnet - telnet client
 inetutils-telnetd - telnet server
 inetutils-tools - base networking utilities (experimental package)
 inetutils-traceroute - trace the IPv4 route to another host
Closes: 1130741 1130742
Changes:
 inetutils (2:2.4-2+deb12u3) bookworm-security; urgency=high
 .
   * Add patch from upstream:
     - Prevent privilege escalation via telnetd abusing systemd service
       credentials support added to the login(1) implementation of util-linux in
       release 2.40. Reported by Ron Ben Yizhak <ron.benyizhak@safebreach.com>.
       Fixes CVE-2026-28372.
     - Ignore all environment options from clients unless the variable was
       listed in the new --accept-env telnetd option. This mitigates privilege
       escalation using environment variables.
       This is the complete fix for CVE-2026-24061, with its own CVE pending.
     - Fix stack buffer overflow processing SLC suboption triplets.
       Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg,
       Daniel Lubel at DREAM Security Research Team.
       Fixes CVE-2026-32746. (Closes: #1130742)
   * Add the hashcode-string1 module from forky/sid gnulib adapted to bookworm
     required by the --accept-env patch, and the gl_hash_set, gl_set, gl_xset
     and gl_anyhash bookworm gnulib modules required by hashcode-string1.
     Inject new gnulib modules in lib/Makefile.am.
   * Adapt netkit-telnet patch to not leak unexported environment variables to
     telnetd. Reported by Justin Swartz <justin.swartz@risingedge.co.za>.
     Fixes CVE-2026-32772. (Closes: #1130741)
   * Prevent user local privilege escalation using --debug, which was
     susceptible to symlink attacks, or leaking on-wire credentials to a
     user that had pre-created the file and kept it open. Fix by switching
     from /tmp/telnet.debug to /run/telnet/debug.<pid>, and making the
     setup error checks fatal.
     Partially reported by Justin Swartz <justin.swartz@risingedge.co.za>.
   * Update local telnetd man page to match new --debug behavior.
Checksums-Sha1:
 236191cf0f6152652f293e67a7a695319fe71085 157384 inetutils-ftp-dbgsym_2.4-2+deb12u3_mipsel.deb
 4428f695a903a439724502a6454a2fd52da64aac 102276 inetutils-ftp_2.4-2+deb12u3_mipsel.deb
 0cfecdb6317aa60dec32286f43a8da99ec6baf2e 190132 inetutils-ftpd-dbgsym_2.4-2+deb12u3_mipsel.deb
 fb4c22586d6421986d95abb79ada038d239b88de 106712 inetutils-ftpd_2.4-2+deb12u3_mipsel.deb
 6fb7be71922929d8dbedd41f7c0dc5d6761d4f12 105232 inetutils-inetd-dbgsym_2.4-2+deb12u3_mipsel.deb
 8b2b66f9a66449a1755478c5eef46a68b34ab9b3 79572 inetutils-inetd_2.4-2+deb12u3_mipsel.deb
 a92d504d81e5d23a4a276d0f64c75d520b58c184 186464 inetutils-ping-dbgsym_2.4-2+deb12u3_mipsel.deb
 18dae2be56c7cdfa1514087e398756c17643f0c1 86976 inetutils-ping_2.4-2+deb12u3_mipsel.deb
 5b0df8240dd63f7c4962e4f47bdae5eba742fe47 112524 inetutils-syslogd-dbgsym_2.4-2+deb12u3_mipsel.deb
 944483838d988fe233e283169d60eb59e77e3620 83064 inetutils-syslogd_2.4-2+deb12u3_mipsel.deb
 fb042625bb74c22383dbe7e81810bb5659a18331 86100 inetutils-talk-dbgsym_2.4-2+deb12u3_mipsel.deb
 6a4abf4d5c1bc7c8ab9cc743ea5cdc314b9b269d 68820 inetutils-talk_2.4-2+deb12u3_mipsel.deb
 d3f978a6967e939b33ceca0a54dbed22645c66bc 102300 inetutils-talkd-dbgsym_2.4-2+deb12u3_mipsel.deb
 969769f2fef9f979b2049cf7456f5fd2c2d614d4 71088 inetutils-talkd_2.4-2+deb12u3_mipsel.deb
 587166d505fd38c8950cd64b5a99859957a757b5 208368 inetutils-telnet-dbgsym_2.4-2+deb12u3_mipsel.deb
 c406513df04c154f7813e6e1293c0b53ef354ba8 115352 inetutils-telnet_2.4-2+deb12u3_mipsel.deb
 99d8cdc153230249d68d38d07861bd3f8a106cba 185752 inetutils-telnetd-dbgsym_2.4-2+deb12u3_mipsel.deb
 a6f44a4023696da6053b32292603107b6c6bf9b6 104116 inetutils-telnetd_2.4-2+deb12u3_mipsel.deb
 6b08042db3ef53faaaa619727ba20b2b6af88543 330724 inetutils-tools-dbgsym_2.4-2+deb12u3_mipsel.deb
 9b890c31d60a611c22025f82e4a77959123e928c 98328 inetutils-tools_2.4-2+deb12u3_mipsel.deb
 09b56ca6d27835f737441c19fdee5dda9e2e484b 86808 inetutils-traceroute-dbgsym_2.4-2+deb12u3_mipsel.deb
 01294d637100eb64b0d14d860b147e2c39cdd7f9 66368 inetutils-traceroute_2.4-2+deb12u3_mipsel.deb
 2e4fbbdea9d8890b76cd98bda3725348637b60b1 12997 inetutils_2.4-2+deb12u3_mipsel-buildd.buildinfo
Checksums-Sha256:
 5a55245fe48cb8a1e1a2ec31c68cb772c246536d70a2566bed5f36ee4ad4ddcb 157384 inetutils-ftp-dbgsym_2.4-2+deb12u3_mipsel.deb
 58fa9e54697c71ee6b3a620e546c325c046f783c29cfdae3d178a922d320eab8 102276 inetutils-ftp_2.4-2+deb12u3_mipsel.deb
 0552bdc4601369d10329097d3293b0503f9eed01b6ce2414e5c011d4d0ec7570 190132 inetutils-ftpd-dbgsym_2.4-2+deb12u3_mipsel.deb
 3516dd91222d81dd26ccd26bf6863b9e63468044b101d1d33b6db0b5b7df04c1 106712 inetutils-ftpd_2.4-2+deb12u3_mipsel.deb
 a89ba4e4be45ec9a8ea179915638a72256f8b82511b86126abd2858106b529cb 105232 inetutils-inetd-dbgsym_2.4-2+deb12u3_mipsel.deb
 1ba07f61809187877c19423bab56b8d43ad0bc331bf163b753b1cb366cb26574 79572 inetutils-inetd_2.4-2+deb12u3_mipsel.deb
 88056f3b080286824a555f60928bfed9976e61dd08e6b255cedc9dcbf9c2fcd3 186464 inetutils-ping-dbgsym_2.4-2+deb12u3_mipsel.deb
 e68dc4d00fc9070c76ecaaf995be42066f7b5e00e0a56c1043ab7332763f51c3 86976 inetutils-ping_2.4-2+deb12u3_mipsel.deb
 6954c72eabccc9319ed2841a0fc737534e4e1899ecc1cecb39a5943f2943f91c 112524 inetutils-syslogd-dbgsym_2.4-2+deb12u3_mipsel.deb
 37abcabf8b557795a799b6b62df2b1d51dc5710eb230931765ecffdee3635834 83064 inetutils-syslogd_2.4-2+deb12u3_mipsel.deb
 2a33b220c4445897474ca81f9f5809e3faab72966799b245491b7faa1adf0ba1 86100 inetutils-talk-dbgsym_2.4-2+deb12u3_mipsel.deb
 eb693469c4652687478fdc050f1fbec858b7cbdb87729dc279306437fdcb6ab0 68820 inetutils-talk_2.4-2+deb12u3_mipsel.deb
 e9c739208b0de7da265ea8cce15f63d9be6ee0210d76b7d636ad107706e4a8f2 102300 inetutils-talkd-dbgsym_2.4-2+deb12u3_mipsel.deb
 759a369f1331f95b962afa637dce159ee8ed7c7bfa3ff67362528c8720c4c519 71088 inetutils-talkd_2.4-2+deb12u3_mipsel.deb
 9dbcace4bba901eaf1e5b0b37c1e6a24eadf4f0d8b40b60638fe8fa3fb3ef9d3 208368 inetutils-telnet-dbgsym_2.4-2+deb12u3_mipsel.deb
 f30ba038fcd129e58d8eb616a0343ed735844fa750cda536fbc152f9e2da9dc0 115352 inetutils-telnet_2.4-2+deb12u3_mipsel.deb
 8e9454d028ed6e303826d45a39b268387057f0d0c943b56b3a7c2e785695b9b8 185752 inetutils-telnetd-dbgsym_2.4-2+deb12u3_mipsel.deb
 abd6919f2d4021cf3e29c35a94ea909c897a9c54d3fdeeaa4a26c2ef748ea30e 104116 inetutils-telnetd_2.4-2+deb12u3_mipsel.deb
 3515b7cb76224c7aeefc03122794be70dd60d4978ae67594ba9a127255f6cb37 330724 inetutils-tools-dbgsym_2.4-2+deb12u3_mipsel.deb
 a42274d11b5051968d11d838632856f3263ca0cff3a86c86c5b57ca261b4a1c6 98328 inetutils-tools_2.4-2+deb12u3_mipsel.deb
 fc95e3ddf45831dc1710c7dd50b84b17f1f9b859198169ee7c0dc905582f8caa 86808 inetutils-traceroute-dbgsym_2.4-2+deb12u3_mipsel.deb
 67b9c13f3def9e9d9465512d258d8872829185cf8bfa38aad25fbb54e7b7a8d7 66368 inetutils-traceroute_2.4-2+deb12u3_mipsel.deb
 b32ed27b921339816a64193e635afc7d4261b9d1b83bedb565e28e90351066e4 12997 inetutils_2.4-2+deb12u3_mipsel-buildd.buildinfo
Files:
 f31275ee559ac2832412839d7bf37bfd 157384 debug optional inetutils-ftp-dbgsym_2.4-2+deb12u3_mipsel.deb
 3e2ead038eeed64fc8edcd3b55b32e41 102276 net optional inetutils-ftp_2.4-2+deb12u3_mipsel.deb
 cf5f76c03de47500bfd71a67ef21c055 190132 debug optional inetutils-ftpd-dbgsym_2.4-2+deb12u3_mipsel.deb
 83ac910c68b65148811e2e4985116457 106712 net optional inetutils-ftpd_2.4-2+deb12u3_mipsel.deb
 71b29443d6038c3620fdc684f1ca4bf2 105232 debug optional inetutils-inetd-dbgsym_2.4-2+deb12u3_mipsel.deb
 8e4aeec6a162c4b5a4c4dcc9ed9c83cd 79572 net optional inetutils-inetd_2.4-2+deb12u3_mipsel.deb
 45a3709bedb61058bca3fc1de77baa1b 186464 debug optional inetutils-ping-dbgsym_2.4-2+deb12u3_mipsel.deb
 e77a3ab45e36a60e61fc7de0a450f0ee 86976 net optional inetutils-ping_2.4-2+deb12u3_mipsel.deb
 5bfc191fa29e24e162753e5963ab3312 112524 debug optional inetutils-syslogd-dbgsym_2.4-2+deb12u3_mipsel.deb
 a50bcda146e94f0a8d0d434c9f8a60ac 83064 net optional inetutils-syslogd_2.4-2+deb12u3_mipsel.deb
 b69adea4f35ebfa3ffa48fa19695d3f4 86100 debug optional inetutils-talk-dbgsym_2.4-2+deb12u3_mipsel.deb
 0795d70f4babe447bba263d23b6a9410 68820 net optional inetutils-talk_2.4-2+deb12u3_mipsel.deb
 9352452253617a61d69d48a1e1173592 102300 debug optional inetutils-talkd-dbgsym_2.4-2+deb12u3_mipsel.deb
 ae97e8120d10d2c75837cbe9ec64f0e9 71088 net optional inetutils-talkd_2.4-2+deb12u3_mipsel.deb
 bffcce75e3e664f23ff8a20575af78f7 208368 debug optional inetutils-telnet-dbgsym_2.4-2+deb12u3_mipsel.deb
 0d710c2225e91469ba2e90e1352621cd 115352 net standard inetutils-telnet_2.4-2+deb12u3_mipsel.deb
 3321ae395a83f8839c33060d5a791c53 185752 debug optional inetutils-telnetd-dbgsym_2.4-2+deb12u3_mipsel.deb
 f90852c67051797d29e3abf92b198173 104116 net optional inetutils-telnetd_2.4-2+deb12u3_mipsel.deb
 0dc72b7cb6e5f806b58ea01917fdce1d 330724 debug optional inetutils-tools-dbgsym_2.4-2+deb12u3_mipsel.deb
 f9394c87a661b90f693029246957672e 98328 net optional inetutils-tools_2.4-2+deb12u3_mipsel.deb
 9e3ee16385ce78c48e16e62f2f5e9a87 86808 debug optional inetutils-traceroute-dbgsym_2.4-2+deb12u3_mipsel.deb
 91d4407c7b543bd0d13ddd4390de997e 66368 net optional inetutils-traceroute_2.4-2+deb12u3_mipsel.deb
 6218df5ad9ebbffdbe68c08d6ff51000 12997 net optional inetutils_2.4-2+deb12u3_mipsel-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEyYUQCyzsgu940OiVpwP2OD8jZaoFAmnL3HMACgkQpwP2OD8j
ZarA9BAA0MmsEaEeALF1B//c5q8cqglxoabXuxCEqnm32Ut/q2n01eb89v9kCfxx
0TmG7lx9ndmKGEyYg3eYsusbUxP3BLj8SsQweSDsHhe9kiwIWxNOEaRMTU892u8q
odBbB5Yr7RtBXwueJSWQEvURFTQGnkyqty4cYyi3dIOYUxidTIWU66P/qtvFREuz
v5EDbcwp22HnK80iLZZYBVfjCbBqJEvsSPOrPAfUOe2RsVRrzaMgrqpRyGFWzT5A
tsUkHyMfKifNLuNorPCTACXzGSi5KGOoXlkT0Y6Ol18bOCaTsdQ9BruNUmjVlTx5
TY6stPZ/mZqsOvw3kjX67jrOJMHgAfR77ZLHKxzsauYbI1v/UFNcugKn5Girjbba
CBT99aWTyS9kpbH+S+SfIgjFIxH+WEd6dtEC2/74a63J6b1/fbkCq3N+n4ZbQMps
tK9+PJD17sm+jXZk5/mNlftLszyOsf+MVAuv9Lu1abpUybLI83pwaEpiP2S5hsTq
lFTf4KzvBib6yuwgSnHkX5FFNpwzRVD92fo9zkQTyPi/6YcK7spBUf0dJZNO4Cgq
PcygqUOTk/MuLutNS87Q5nsSbj1jPqaBkHRiPaz2DoyrmPjtyX8P+KdLx0GmAT5s
8yP0etSKGZDxaMFpOzRnUOQ60W9WZCXbcNRbB+x2/mM/ILPvOvc=
=Wif5
-----END PGP SIGNATURE-----