-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Mar 2026 16:52:10 +0200
Source: inetutils
Binary: inetutils-ftp inetutils-ftp-dbgsym inetutils-ftpd inetutils-ftpd-dbgsym inetutils-inetd inetutils-inetd-dbgsym inetutils-ping inetutils-ping-dbgsym inetutils-syslogd inetutils-syslogd-dbgsym inetutils-talk inetutils-talk-dbgsym inetutils-talkd inetutils-talkd-dbgsym inetutils-telnet inetutils-telnet-dbgsym inetutils-telnetd inetutils-telnetd-dbgsym inetutils-tools inetutils-tools-dbgsym inetutils-traceroute inetutils-traceroute-dbgsym
Architecture: mips64el
Version: 2:2.4-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-05) <buildd_mips64el-mipsel-osuosl-05@buildd.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 inetutils-ftp - File Transfer Protocol client
 inetutils-ftpd - File Transfer Protocol server
 inetutils-inetd - internet super server
 inetutils-ping - ICMP echo tool
 inetutils-syslogd - system logging daemon
 inetutils-talk - talk to another user
 inetutils-talkd - remote user communication server
 inetutils-telnet - telnet client
 inetutils-telnetd - telnet server
 inetutils-tools - base networking utilities (experimental package)
 inetutils-traceroute - trace the IPv4 route to another host
Closes: 1130741 1130742
Changes:
 inetutils (2:2.4-2+deb12u3) bookworm-security; urgency=high
 .
   * Add patch from upstream:
     - Prevent privilege escalation via telnetd abusing systemd service
       credentials support added to the login(1) implementation of util-linux in
       release 2.40. Reported by Ron Ben Yizhak <ron.benyizhak@safebreach.com>.
       Fixes CVE-2026-28372.
     - Ignore all environment options from clients unless the variable was
       listed in the new --accept-env telnetd option. This mitigates privilege
       escalation using environment variables.
       This is the complete fix for CVE-2026-24061, with its own CVE pending.
     - Fix stack buffer overflow processing SLC suboption triplets.
       Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg,
       Daniel Lubel at DREAM Security Research Team.
       Fixes CVE-2026-32746. (Closes: #1130742)
   * Add the hashcode-string1 module from forky/sid gnulib adapted to bookworm
     required by the --accept-env patch, and the gl_hash_set, gl_set, gl_xset
     and gl_anyhash bookworm gnulib modules required by hashcode-string1.
     Inject new gnulib modules in lib/Makefile.am.
   * Adapt netkit-telnet patch to not leak unexported environment variables to
     telnetd. Reported by Justin Swartz <justin.swartz@risingedge.co.za>.
     Fixes CVE-2026-32772. (Closes: #1130741)
   * Prevent user local privilege escalation using --debug, which was
     susceptible to symlink attacks, or leaking on-wire credentials to a
     user that had pre-created the file and kept it open. Fix by switching
     from /tmp/telnet.debug to /run/telnet/debug.<pid>, and making the
     setup error checks fatal.
     Partially reported by Justin Swartz <justin.swartz@risingedge.co.za>.
   * Update local telnetd man page to match new --debug behavior.
Checksums-Sha1:
 f17cfd7753f8a6dde7dab0f61d5177940fa15be7 161368 inetutils-ftp-dbgsym_2.4-2+deb12u3_mips64el.deb
 8b45b1e9a91b7ae03f32a7d7d2c7904e8ea6a61c 102004 inetutils-ftp_2.4-2+deb12u3_mips64el.deb
 56ca3ee2c9309b37d09641f28ddfa43a2cf3b98d 194456 inetutils-ftpd-dbgsym_2.4-2+deb12u3_mips64el.deb
 0a42c0406ff9542dbdfa5be51546df45da22fbb4 104896 inetutils-ftpd_2.4-2+deb12u3_mips64el.deb
 909d4831ee31c8dcb6f819c5cee8759cc506f028 107728 inetutils-inetd-dbgsym_2.4-2+deb12u3_mips64el.deb
 0bd2af68818957f2245293b390d23ab606c4821b 79860 inetutils-inetd_2.4-2+deb12u3_mips64el.deb
 08f2b1e5d874edd26001866831e3dfed8120d796 189852 inetutils-ping-dbgsym_2.4-2+deb12u3_mips64el.deb
 1c3cac610f62a5f7f374e7a4fc5a0908a7dbeae8 85636 inetutils-ping_2.4-2+deb12u3_mips64el.deb
 b32d1460ad1b5718077b8edcfbba1321318bfae3 114808 inetutils-syslogd-dbgsym_2.4-2+deb12u3_mips64el.deb
 66097b23be5f0106d77a2118140ac13cbb119b90 83264 inetutils-syslogd_2.4-2+deb12u3_mips64el.deb
 f1954b2bde81dfb9103f316fd02e6f563dc95f85 87988 inetutils-talk-dbgsym_2.4-2+deb12u3_mips64el.deb
 a8b414d6238568d5e4760ac444119a6c50a54bda 69088 inetutils-talk_2.4-2+deb12u3_mips64el.deb
 724cb509ffac1c742a2a062ec34e32e7b11c4cce 104484 inetutils-talkd-dbgsym_2.4-2+deb12u3_mips64el.deb
 00f3f10ef78dbbb506b5d649f1068665c838e133 71556 inetutils-talkd_2.4-2+deb12u3_mips64el.deb
 44a01a31f9f442fc81e5e7bdaa26621f67692b96 212508 inetutils-telnet-dbgsym_2.4-2+deb12u3_mips64el.deb
 98a2836c957afba2301d8afe30a29f088c1d88b2 116608 inetutils-telnet_2.4-2+deb12u3_mips64el.deb
 0e0062bab46bc6bd9ab32396ba751ac173b7a9cb 189660 inetutils-telnetd-dbgsym_2.4-2+deb12u3_mips64el.deb
 3f96ac4acf8a9018555f7ece51a6dbe59b7789b5 106024 inetutils-telnetd_2.4-2+deb12u3_mips64el.deb
 75872e1a8458ac8972ff1ead4e60650a9e4e298f 337644 inetutils-tools-dbgsym_2.4-2+deb12u3_mips64el.deb
 a957780f221c7e39baf524996824cd410aa4c977 98844 inetutils-tools_2.4-2+deb12u3_mips64el.deb
 7dd7b4a58319744d530234d0ef12b7439b0c044a 88388 inetutils-traceroute-dbgsym_2.4-2+deb12u3_mips64el.deb
 db69a368e01c1e5de13ba8406f19b8dcf40686d8 66432 inetutils-traceroute_2.4-2+deb12u3_mips64el.deb
 67da182f6c444a30702a2ddae5e39afc44419a69 13140 inetutils_2.4-2+deb12u3_mips64el-buildd.buildinfo
Checksums-Sha256:
 bb8c27ae29aab1f317f2b6483c608312f2c5fbb6335a14b32f7daeedd34ff431 161368 inetutils-ftp-dbgsym_2.4-2+deb12u3_mips64el.deb
 ab58654c3bc5ac754ad0d2f3b296975ba39b6ecd3d6f5cf9ab3f3597b55f7e39 102004 inetutils-ftp_2.4-2+deb12u3_mips64el.deb
 d893f915566d0e54d807d312287dc1e1c1542fa7db8e50529440fe2214d94228 194456 inetutils-ftpd-dbgsym_2.4-2+deb12u3_mips64el.deb
 60409292945be8552b1fa74de0c16fe1b20d8bfb81632780165addab9c41bd6f 104896 inetutils-ftpd_2.4-2+deb12u3_mips64el.deb
 7d608792bb96c36521646bba2ddff38e2251c4866217cb9df6b85312afde26a4 107728 inetutils-inetd-dbgsym_2.4-2+deb12u3_mips64el.deb
 0c28a8439826bf24132b10ec2426fbca1d12bbcd5ad0ed3f8a44fd67a23df80b 79860 inetutils-inetd_2.4-2+deb12u3_mips64el.deb
 aae41f5d6ea6336d2f2dc2d29938578dcf608ecbfa6a0c2b68f66f8e1a07b060 189852 inetutils-ping-dbgsym_2.4-2+deb12u3_mips64el.deb
 6543fbe9613ebdb733e700511c0031345fce248e2ea8a88dc17d017aa0f2782a 85636 inetutils-ping_2.4-2+deb12u3_mips64el.deb
 db8f1edf80dfd55a16352c9f95407e1ce20b18979687bc4659b07276cacdfdf8 114808 inetutils-syslogd-dbgsym_2.4-2+deb12u3_mips64el.deb
 0806c925bcaec4b30ed1497cee28f7adcda23da7328c9cee0650a555c2a0c889 83264 inetutils-syslogd_2.4-2+deb12u3_mips64el.deb
 92b139717cba0fb92b3c33f795661469db470104f25dccd4dd54e4deb5e02315 87988 inetutils-talk-dbgsym_2.4-2+deb12u3_mips64el.deb
 10fc3aece073da24209c97d4c7a540fc33192891310c9186dc6f6b61ce126007 69088 inetutils-talk_2.4-2+deb12u3_mips64el.deb
 1e92b9ce4d48b9415e4b1327790d56d4cfa529907c5e348c15ec3adf22a5f3dd 104484 inetutils-talkd-dbgsym_2.4-2+deb12u3_mips64el.deb
 463f918f5b418947a5e695ac9dfb3cc47005fa008cccb297a37db8d963301c3c 71556 inetutils-talkd_2.4-2+deb12u3_mips64el.deb
 816bb3685d5351b586cb78d8e8cf60810a88623be7c333d3e5e6c8359bd19288 212508 inetutils-telnet-dbgsym_2.4-2+deb12u3_mips64el.deb
 4910d61a5ef8bdf2f38446a5416a8fef735feb74724db8c5a8e4665b81976b1b 116608 inetutils-telnet_2.4-2+deb12u3_mips64el.deb
 9246aff823cd01a9c79b102cfc5aac4126ba15f1aeb5f294b80347c8581cbb93 189660 inetutils-telnetd-dbgsym_2.4-2+deb12u3_mips64el.deb
 d15aaaad5d56b292a09c1cdd0adc61d8cda74336452f07a9e6b5852f910045e5 106024 inetutils-telnetd_2.4-2+deb12u3_mips64el.deb
 99c418b3fbb34abfda89ffff0687dc548de363152c20ed6aab93151350f790b2 337644 inetutils-tools-dbgsym_2.4-2+deb12u3_mips64el.deb
 62d713a64cf893556cce95ff04017899c376c77c0bd79918033f36c4e2d23238 98844 inetutils-tools_2.4-2+deb12u3_mips64el.deb
 55af80f4fd03ded56de29f8aab2e3f1a2c0e55db881deeb6155dfccd5e4d74bb 88388 inetutils-traceroute-dbgsym_2.4-2+deb12u3_mips64el.deb
 773181be4f2419c398a6a164cc8fa6a04eefed3a14b7a3098f883c866c8d120f 66432 inetutils-traceroute_2.4-2+deb12u3_mips64el.deb
 3b0a9737021d99b757f26fa16fe5eaf9adde6a2118b44841c0441cc73689c8f1 13140 inetutils_2.4-2+deb12u3_mips64el-buildd.buildinfo
Files:
 a43daa24b37f1d5fab8842ef36337aa3 161368 debug optional inetutils-ftp-dbgsym_2.4-2+deb12u3_mips64el.deb
 698594c3be1220fec5b0f6313bbeb01f 102004 net optional inetutils-ftp_2.4-2+deb12u3_mips64el.deb
 682e316303c307059e358a99433e1898 194456 debug optional inetutils-ftpd-dbgsym_2.4-2+deb12u3_mips64el.deb
 eff278a3ec1aa9819dd02d083b4e078f 104896 net optional inetutils-ftpd_2.4-2+deb12u3_mips64el.deb
 d5281a99163caf7f9164e177a79708f4 107728 debug optional inetutils-inetd-dbgsym_2.4-2+deb12u3_mips64el.deb
 96d4ee13c0fe00f2e24349213ad3c458 79860 net optional inetutils-inetd_2.4-2+deb12u3_mips64el.deb
 529ce3c2f94c0d2adc6da894bdcc92c0 189852 debug optional inetutils-ping-dbgsym_2.4-2+deb12u3_mips64el.deb
 55fa0731f13baf8f133abd2a0829e0f4 85636 net optional inetutils-ping_2.4-2+deb12u3_mips64el.deb
 12ff2217e9511dcb7644298197a33584 114808 debug optional inetutils-syslogd-dbgsym_2.4-2+deb12u3_mips64el.deb
 c070013f5662d19fac177588b353cf71 83264 net optional inetutils-syslogd_2.4-2+deb12u3_mips64el.deb
 9b02d9334b0ce18eb1a0963eb9af8b40 87988 debug optional inetutils-talk-dbgsym_2.4-2+deb12u3_mips64el.deb
 966019b837c8684a5d7d1b9ab2ebdbe4 69088 net optional inetutils-talk_2.4-2+deb12u3_mips64el.deb
 2c93cf5b676ba1409cb89bfd43a05668 104484 debug optional inetutils-talkd-dbgsym_2.4-2+deb12u3_mips64el.deb
 a2f833ed48398eeb9bae26049834d71c 71556 net optional inetutils-talkd_2.4-2+deb12u3_mips64el.deb
 fa7ae22e34bb26e82a44b63f376c8953 212508 debug optional inetutils-telnet-dbgsym_2.4-2+deb12u3_mips64el.deb
 bfc1e7caa2e6bed84cea26e1221d6e99 116608 net standard inetutils-telnet_2.4-2+deb12u3_mips64el.deb
 d1d3f17ae3a80189868699d5aee97739 189660 debug optional inetutils-telnetd-dbgsym_2.4-2+deb12u3_mips64el.deb
 d872805c804d8fb3e96a1c031858f35b 106024 net optional inetutils-telnetd_2.4-2+deb12u3_mips64el.deb
 c3dacaa211a020cd00a5f23c1361836e 337644 debug optional inetutils-tools-dbgsym_2.4-2+deb12u3_mips64el.deb
 9fca985e7697204c97c7375898b82929 98844 net optional inetutils-tools_2.4-2+deb12u3_mips64el.deb
 e438bea3e75899bc3cbd7a6839619026 88388 debug optional inetutils-traceroute-dbgsym_2.4-2+deb12u3_mips64el.deb
 26924b9cea0623bcdc865362db3cf7b4 66432 net optional inetutils-traceroute_2.4-2+deb12u3_mips64el.deb
 07e161a8413546074908e8220bc68a6c 13140 net optional inetutils_2.4-2+deb12u3_mips64el-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE4ZxaH3zEHAF/GhnCHrk2gTKeWggFAmnL3EYACgkQHrk2gTKe
Wgg2aQ/+Or3akUAy6lOwdRAq8PulpGR7zPyxFSnYHh7MF4W+n4j/SSDAdv9aApq8
CvZmfFsx5S4ZkUBgP7QsqI6xOFY0khl+sFJNfaJsVT25ZBHoVYShzHcwrsNH15w0
2NxEbnM0k0KBG5EGDC1tmnBC/SXRS3d4aLG561n9LbYclv9hZsWjEhPmnJrgt4F5
2QvoeCe4x0Epc9RaCxjdr2Pi38F0PEGwyubRIrMnVt431IaXxEaU12YLJupRDAaF
PDwlZmbGIsft1XoTsb2zLI4RWYV0mgUCIt0PFfi2z3Q7RNCqWpFpPF2ERoDdlG6a
4czSB4eAFUb8Z0AEIVgtAshPZjzCmRPKoLC6T+HOi7pWHo7LtnwUB+z4JpVWZ9WU
mUrGaUO22l1s2tf09ehhMwJ4ercT6RF59WSZc6Kcjv5+MzoAwT5TS9Tb2yVtt8Mv
DEB+91Dwn382qchsKyLj2wPWSD/a5KfQcRD4Dz804RfQtDY4+18gmLQ+bzBYgSl0
5N8BbKwfFEp/y2jYfwYF1rZZnYkTXc0aQKBECch26S8vTsMbMkEc3VxuGXxB1PSd
qThn7VD1p0wz2H8p7esmu9PlmzlHvn9zokYWsvv6uxEXrjvHJ2BZ4Kfwgy9yvv3f
uFIWFMXbRg2X1OoN1QHyz9kK2+cj+CCUaR2YDRlprclVAQDE07g=
=2djJ
-----END PGP SIGNATURE-----