Format: 1.8
Date: Mon, 30 Mar 2026 16:44:03 +0200
Source: inetutils
Binary: telnet telnetd
Architecture: all
Version: 2:2.6-3+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Guillem Jover
Description:
 telnet - transitional dummy package for inetutils-telnet default switch
 telnetd - transitional dummy package for inetutils-telnetd default switch
Closes: 1130741 1130742
Changes:
 inetutils (2:2.6-3+deb13u3) trixie-security; urgency=high
 .
   * Add patches from upstream:
     - Ignore all environment options from clients unless the variable was
       listed in the new --accept-env telnetd option. This mitigates
       privilege escalation using environment variables. This is the
       complete fix for CVE-2026-24061, with its own CVE pending.
     - Fix stack buffer overflow processing SLC suboption triplets.
       Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech,
       Ben Grinberg, Daniel Lubel at DREAM Security Research Team.
       Fixes CVE-2026-32746. (Closes: #1130742)
   * Add the hashcode-string1 module from forky/sid gnulib, required by the
     --accept-env patch.
   * Adapt netkit-telnet patch to not leak unexported environment variables
     to telnetd. Reported by Justin Swartz.
     Fixes CVE-2026-32772. (Closes: #1130741)
   * Prevent user local privilege escalation using --debug, which was
     susceptible to symlink attacks, or leaking on-wire credentials to a
     user that had pre-created the file and kept it open. Fix by switching
     from /tmp/telnet.debug to /run/telnet/debug., and making the setup
     error checks fatal. Partially reported by Justin Swartz.
   * Update local telnetd man page to match new --debug behavior.