-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Mar 2026 16:44:03 +0200
Source: inetutils
Binary: inetutils-ftp inetutils-ftp-dbgsym inetutils-ftpd inetutils-ftpd-dbgsym inetutils-inetd inetutils-inetd-dbgsym inetutils-ping inetutils-ping-dbgsym inetutils-syslogd inetutils-syslogd-dbgsym inetutils-talk inetutils-talk-dbgsym inetutils-talkd inetutils-talkd-dbgsym inetutils-telnet inetutils-telnet-dbgsym inetutils-telnetd inetutils-telnetd-dbgsym inetutils-tools inetutils-tools-dbgsym inetutils-traceroute inetutils-traceroute-dbgsym
Architecture: armhf
Version: 2:2.6-3+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-01) <buildd_arm64-arm-ubc-01@buildd.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 inetutils-ftp - File Transfer Protocol client
 inetutils-ftpd - File Transfer Protocol server
 inetutils-inetd - internet super server
 inetutils-ping - ICMP echo tool
 inetutils-syslogd - system logging daemon
 inetutils-talk - talk to another user
 inetutils-talkd - remote user communication server
 inetutils-telnet - telnet client
 inetutils-telnetd - telnet server
 inetutils-tools - base networking utilities (experimental package)
 inetutils-traceroute - trace the IPv4 route to another host
Closes: 1130741 1130742
Changes:
 inetutils (2:2.6-3+deb13u3) trixie-security; urgency=high
 .
   * Add patches from upstream:
     - Ignore all environment options from clients unless the variable was
       listed in the new --accept-env telnetd option. This mitigates privilege
       escalation using environment variables.
       This is the complete fix for CVE-2026-24061, with its own CVE pending.
     - Fix stack buffer overflow processing SLC suboption triplets.
       Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg,
       Daniel Lubel at DREAM Security Research Team.
       Fixes CVE-2026-32746. (Closes: #1130742)
   * Add the hashcode-string1 module from forky/sid gnulib, required by the
     --accept-env patch.
   * Adapt netkit-telnet patch to not leak unexported environment variables to
     telnetd. Reported by Justin Swartz <justin.swartz@risingedge.co.za>.
     Fixes CVE-2026-32772. (Closes: #1130741)
   * Prevent user local privilege escalation using --debug, which was
     susceptible to symlink attacks, or leaking on-wire credentials to a
     user that had pre-created the file and kept it open. Fix by switching
     from /tmp/telnet.debug to /run/telnet/debug.<pid>, and making the
     setup error checks fatal.
     Partially reported by Justin Swartz <justin.swartz@risingedge.co.za>.
   * Update local telnetd man page to match new --debug behavior.
Checksums-Sha1:
 4670f09b85d9f2c0aaea14e97329637cd02df15f 164220 inetutils-ftp-dbgsym_2.6-3+deb13u3_armhf.deb
 13cdfc86b2041d5634c2f93d952c17628c1242a0 103964 inetutils-ftp_2.6-3+deb13u3_armhf.deb
 adb58739c8c6fd53af719cc7fd7d471d901c936c 191864 inetutils-ftpd-dbgsym_2.6-3+deb13u3_armhf.deb
 e578a8fefc50379ee7d88ed5f89f0e8ac1257683 104436 inetutils-ftpd_2.6-3+deb13u3_armhf.deb
 138bae345cf5c8636cd80a66881f6185db4418bc 106636 inetutils-inetd-dbgsym_2.6-3+deb13u3_armhf.deb
 c587f8187e23db11849c1b1b1d2957070c441bbb 80500 inetutils-inetd_2.6-3+deb13u3_armhf.deb
 53b4425b9f8172a11278f412513af032a6e763fa 189392 inetutils-ping-dbgsym_2.6-3+deb13u3_armhf.deb
 e24c55bbf47b026ffd2f5980b0d6e5b6a21d4512 84436 inetutils-ping_2.6-3+deb13u3_armhf.deb
 883e6392cdd96549871803758110a5e3e45d245b 124636 inetutils-syslogd-dbgsym_2.6-3+deb13u3_armhf.deb
 0d476d7a24f18444dc15e9673976c07b6e22e24f 86380 inetutils-syslogd_2.6-3+deb13u3_armhf.deb
 2206a5f09b21bc3cbb33652616382711da8891f6 86136 inetutils-talk-dbgsym_2.6-3+deb13u3_armhf.deb
 e3fc426e8e020aa59c9efdd8a42ae410e1cca850 68952 inetutils-talk_2.6-3+deb13u3_armhf.deb
 c3adf44fb10a9035594f10ab4e5f79bdf9fe00a8 113668 inetutils-talkd-dbgsym_2.6-3+deb13u3_armhf.deb
 a6aef8ce0bcae6699bdbef2eb8088bc45a978074 74096 inetutils-talkd_2.6-3+deb13u3_armhf.deb
 19e18d351c48742ff144fbe82943ac8c27fcaa44 226220 inetutils-telnet-dbgsym_2.6-3+deb13u3_armhf.deb
 0d218e73d30c7ac6f05980085d74e852f97a2f65 117532 inetutils-telnet_2.6-3+deb13u3_armhf.deb
 1762d053e2cb70967e0e4b6660945b8fa38fcdcb 184344 inetutils-telnetd-dbgsym_2.6-3+deb13u3_armhf.deb
 00b8f85862594b5f404157a853687861020d4b10 100088 inetutils-telnetd_2.6-3+deb13u3_armhf.deb
 627a4ce1134ea0f643e17f97797389bb78a385a0 336824 inetutils-tools-dbgsym_2.6-3+deb13u3_armhf.deb
 c333dfd8eb193810caad31954b39057e262c350c 93448 inetutils-tools_2.6-3+deb13u3_armhf.deb
 8807ace95848f74620f72a757a4f151c0c637d85 88804 inetutils-traceroute-dbgsym_2.6-3+deb13u3_armhf.deb
 5799cece84f64ec4252ecfe3927cb441635c478d 67252 inetutils-traceroute_2.6-3+deb13u3_armhf.deb
 7dcc727d1a8f1b41ceb4139c15325017fb77be1a 12835 inetutils_2.6-3+deb13u3_armhf-buildd.buildinfo
Checksums-Sha256:
 620fe40890cfd2972be73897fbf98a42f12a8920ad629ad0e8b673a3534ba257 164220 inetutils-ftp-dbgsym_2.6-3+deb13u3_armhf.deb
 28ce7f417b385a6f78d7ea2d50071244edbf7fb346794fa53501ef4d2b05e72d 103964 inetutils-ftp_2.6-3+deb13u3_armhf.deb
 d168c93b3915afe0ab084d8ee621bdadfe2a18acaf98a3c02dd315842ddfb4db 191864 inetutils-ftpd-dbgsym_2.6-3+deb13u3_armhf.deb
 61f75a972d42fdf53c22b1c285cbbb96cfa1cc327329d3ac0c1f8e4f51e3e4d2 104436 inetutils-ftpd_2.6-3+deb13u3_armhf.deb
 e88f932fa16a279035235acaabcf140d999132b76174e993f15653825cb2771e 106636 inetutils-inetd-dbgsym_2.6-3+deb13u3_armhf.deb
 380bed44f2549ba6dc9f9c7278d6bf0b8756da06c4ce18c3deb7a4e56bc4fa97 80500 inetutils-inetd_2.6-3+deb13u3_armhf.deb
 7e3d43098b30e8fe971557b5acfaa8530358b987abf45d5112a7e5a7ffa739f6 189392 inetutils-ping-dbgsym_2.6-3+deb13u3_armhf.deb
 41c127789e571eb4e62000eb73283b24ce9874b43974543c9c5162ae0b0a98ac 84436 inetutils-ping_2.6-3+deb13u3_armhf.deb
 bf947e4f8b7783f84370348dc08e9e51a12c8cbb70799ae4e8ce4f691f2dddeb 124636 inetutils-syslogd-dbgsym_2.6-3+deb13u3_armhf.deb
 c20526b88337e599e2a27dc52650196c269562dbe9484c3e6e307c6d4872f416 86380 inetutils-syslogd_2.6-3+deb13u3_armhf.deb
 a65ce04cc5e8c6f6ca1ee788ae816eee0f1fc17d7243a4ac89e1a5383b3316cb 86136 inetutils-talk-dbgsym_2.6-3+deb13u3_armhf.deb
 adbc5eb3d11766013da6c2e4abe8d9806c39aab48b42e93b93165c17f89de18f 68952 inetutils-talk_2.6-3+deb13u3_armhf.deb
 bd87dd3d675b651f790354e14e93ee745bc95e16015e823b19c7e7e1ca920179 113668 inetutils-talkd-dbgsym_2.6-3+deb13u3_armhf.deb
 c1d1e2c8ac3933b871659c7db6941c5f084e95138d34665d5ada2c6c77769fec 74096 inetutils-talkd_2.6-3+deb13u3_armhf.deb
 f2d54fdea90bdacc2ef0f78a70eafcab653e234842e18a14fdda1dcb637ea490 226220 inetutils-telnet-dbgsym_2.6-3+deb13u3_armhf.deb
 66d7117f0b8608e46c5049e619323b1a3779742c574270044da3b6b4b3edd61e 117532 inetutils-telnet_2.6-3+deb13u3_armhf.deb
 6bfe148a39f4b5b137f50704eb476fa87cd7edafb830d72a9e35e05dcba5fb3a 184344 inetutils-telnetd-dbgsym_2.6-3+deb13u3_armhf.deb
 48b40be48dfc42137afe7f9634612950b9e47b71421df1f8eaa0170fb883a41e 100088 inetutils-telnetd_2.6-3+deb13u3_armhf.deb
 955d3db356b92903701d574566c1b5f68bfdb4583f5d9a500dc9067edc02a284 336824 inetutils-tools-dbgsym_2.6-3+deb13u3_armhf.deb
 88c344cf337155fc3c65a35b0f3dffdbd2d5ee784f10c9fced28094a92e90bc6 93448 inetutils-tools_2.6-3+deb13u3_armhf.deb
 a699d827768da1aa0b1f213e90e8930217fd82149b5e87a48605e4976dc50a5a 88804 inetutils-traceroute-dbgsym_2.6-3+deb13u3_armhf.deb
 8882acd2ee67af13de8a09d7a4da008df8ffe0838d8bf1bc76708dda09d4d2e0 67252 inetutils-traceroute_2.6-3+deb13u3_armhf.deb
 a3186e0ae5562701da0d378d05b7b0002e772ca8f98b5065151b08dc41334477 12835 inetutils_2.6-3+deb13u3_armhf-buildd.buildinfo
Files:
 ac3016e5d7b9dc1e2bbb2488b04bede8 164220 debug optional inetutils-ftp-dbgsym_2.6-3+deb13u3_armhf.deb
 0943f5e4d1a2dea9404981e8206171ab 103964 net optional inetutils-ftp_2.6-3+deb13u3_armhf.deb
 d699614a101d4699e268c61b65044701 191864 debug optional inetutils-ftpd-dbgsym_2.6-3+deb13u3_armhf.deb
 057585708693fd2f4238b1d87032574d 104436 net optional inetutils-ftpd_2.6-3+deb13u3_armhf.deb
 644ad7f20db62d03ddc31079163cdc1d 106636 debug optional inetutils-inetd-dbgsym_2.6-3+deb13u3_armhf.deb
 2b6bdfdcb2c7844a3690723968ca2a11 80500 net optional inetutils-inetd_2.6-3+deb13u3_armhf.deb
 4b3a95fe480a3136e8c9919a19fa9bc2 189392 debug optional inetutils-ping-dbgsym_2.6-3+deb13u3_armhf.deb
 9311c597178688a366ddcdc621fc8cf7 84436 net optional inetutils-ping_2.6-3+deb13u3_armhf.deb
 d5a754a81552074cee3b951d4771b6fd 124636 debug optional inetutils-syslogd-dbgsym_2.6-3+deb13u3_armhf.deb
 5e3f3f2b2b85eb6471720c232c7068c9 86380 net optional inetutils-syslogd_2.6-3+deb13u3_armhf.deb
 da605ad016a9d7523850c4785fac9941 86136 debug optional inetutils-talk-dbgsym_2.6-3+deb13u3_armhf.deb
 a9968499a5b37143c701c9bbcdf15cdf 68952 net optional inetutils-talk_2.6-3+deb13u3_armhf.deb
 9f19bca378cc060bf49ee293d6da579e 113668 debug optional inetutils-talkd-dbgsym_2.6-3+deb13u3_armhf.deb
 42ed1e065f39057190cfe26ee8643d9d 74096 net optional inetutils-talkd_2.6-3+deb13u3_armhf.deb
 a5ac9c70852c976c8eb88f9988b995c3 226220 debug optional inetutils-telnet-dbgsym_2.6-3+deb13u3_armhf.deb
 429290076b9ebc90c4e1f605493eee3e 117532 net standard inetutils-telnet_2.6-3+deb13u3_armhf.deb
 acd9f43af56053188f694b33219fea52 184344 debug optional inetutils-telnetd-dbgsym_2.6-3+deb13u3_armhf.deb
 2a02452e9525b641cea680896c51d984 100088 net optional inetutils-telnetd_2.6-3+deb13u3_armhf.deb
 a846357dbc1c27860a2f1751a3c4276c 336824 debug optional inetutils-tools-dbgsym_2.6-3+deb13u3_armhf.deb
 4bb6a30b053953a97ddaa3fc0b2cce81 93448 net optional inetutils-tools_2.6-3+deb13u3_armhf.deb
 cde162e8e5e588609791f0609861b739 88804 debug optional inetutils-traceroute-dbgsym_2.6-3+deb13u3_armhf.deb
 d224224766bc658d5c9b93a07a9ed7ff 67252 net optional inetutils-traceroute_2.6-3+deb13u3_armhf.deb
 0128a5e35fa0f61a546f8e102d4c3ae0 12835 net optional inetutils_2.6-3+deb13u3_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmnL3W0ACgkQxqCFmsOW
goaTBA/6A3BodvWNakC+p50h+7+kIw1YUpPLEmX0cgMLArieWzkL6URRDXUefm3K
l1fKQobktvVae1o2jnhsS1kTxiHnowXRvxsGwkcy6dgtTOi5EAwz4c+hrtO8m6VN
jo3Qbr8B3bfR7RoxadUBWkNh98Guhj1q1FOpk1CQjQ23V9qlFotJYbUKjYEFpuJY
tdzJ3vsWnUOyyIQsXxkNLo2nGCezQt3/b3X1UbK3vLqsAxxmKgDyya0nxJIcw5ht
ffMJjPVb1niVaeSCi2Un2cCnJk9LlCDLiQ515a6RBZsBknFvk47K+VfTi/KT4OCX
mUyEzdYO06h1JtZaSQ9MESpaM9rbA90H8+qs/0qDtHqWlTvarHL4HF88gEaY9xXM
G1ABTHC1QlYpCs+NVkLzRYZlmfL88uj+LQpTLyAiuRTDXLu11xTNZqFe28EUpNcm
4q41W6LuM3lmM0KU7Am2Ok+hl2+sZD/7CO2CPpBSyHxwIj5xU1WrMjJ278qZH5wP
RY/2XEFPHWrB9cWwNoopFgahONZTxxo936qNsmXdICqo1GZNG4WF4Vgp3tsl/TMo
Ri92tv9wqBklzY2lDJzQfPtuOmLeh+Q2BNBJC6fPBkF/02mWJhufHawmKv9TfVOH
UE5tLyK8H1U4Yg6dlD2t/WndGpLskRH8nW+jiGd4NpG8yCMBC70=
=qu2a
-----END PGP SIGNATURE-----