-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Mar 2026 16:44:03 +0200
Source: inetutils
Binary: inetutils-ftp inetutils-ftp-dbgsym inetutils-ftpd inetutils-ftpd-dbgsym inetutils-inetd inetutils-inetd-dbgsym inetutils-ping inetutils-ping-dbgsym inetutils-syslogd inetutils-syslogd-dbgsym inetutils-talk inetutils-talk-dbgsym inetutils-talkd inetutils-talkd-dbgsym inetutils-telnet inetutils-telnet-dbgsym inetutils-telnetd inetutils-telnetd-dbgsym inetutils-tools inetutils-tools-dbgsym inetutils-traceroute inetutils-traceroute-dbgsym
Architecture: riscv64
Version: 2:2.6-3+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: riscv64 Build Daemon (rv-manda-04) <buildd_riscv64-rv-manda-04@buildd.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 inetutils-ftp - File Transfer Protocol client
 inetutils-ftpd - File Transfer Protocol server
 inetutils-inetd - internet super server
 inetutils-ping - ICMP echo tool
 inetutils-syslogd - system logging daemon
 inetutils-talk - talk to another user
 inetutils-talkd - remote user communication server
 inetutils-telnet - telnet client
 inetutils-telnetd - telnet server
 inetutils-tools - base networking utilities (experimental package)
 inetutils-traceroute - trace the IPv4 route to another host
Closes: 1130741 1130742
Changes:
 inetutils (2:2.6-3+deb13u3) trixie-security; urgency=high
 .
   * Add patches from upstream:
     - Ignore all environment options from clients unless the variable was
       listed in the new --accept-env telnetd option. This mitigates privilege
       escalation using environment variables.
       This is the complete fix for CVE-2026-24061, with its own CVE pending.
     - Fix stack buffer overflow processing SLC suboption triplets.
       Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg,
       Daniel Lubel at DREAM Security Research Team.
       Fixes CVE-2026-32746. (Closes: #1130742)
   * Add the hashcode-string1 module from forky/sid gnulib, required by the
     --accept-env patch.
   * Adapt netkit-telnet patch to not leak unexported environment variables to
     telnetd. Reported by Justin Swartz <justin.swartz@risingedge.co.za>.
     Fixes CVE-2026-32772. (Closes: #1130741)
   * Prevent user local privilege escalation using --debug, which was
     susceptible to symlink attacks, or leaking on-wire credentials to a
     user that had pre-created the file and kept it open. Fix by switching
     from /tmp/telnet.debug to /run/telnet/debug.<pid>, and making the
     setup error checks fatal.
     Partially reported by Justin Swartz <justin.swartz@risingedge.co.za>.
   * Update local telnetd man page to match new --debug behavior.
Checksums-Sha1:
 869fdd68043646aa4fe38d75660422511232d405 153664 inetutils-ftp-dbgsym_2.6-3+deb13u3_riscv64.deb
 e867b71360aee8d98d0a78f5b9970a441dd52a11 110096 inetutils-ftp_2.6-3+deb13u3_riscv64.deb
 befa310f6c330ee4448f28ed858b36c3f4b16ff8 184280 inetutils-ftpd-dbgsym_2.6-3+deb13u3_riscv64.deb
 f78398f2a338884cca81019d8d9d54e902674e4a 111552 inetutils-ftpd_2.6-3+deb13u3_riscv64.deb
 9b646ec388a1af1743d14915850e249c01a40d07 101520 inetutils-inetd-dbgsym_2.6-3+deb13u3_riscv64.deb
 d031678bbf2bffc164f4c415af19602437ab5faa 84700 inetutils-inetd_2.6-3+deb13u3_riscv64.deb
 b3ba657f556ec8d8beec50f8318b90555949cd7b 189988 inetutils-ping-dbgsym_2.6-3+deb13u3_riscv64.deb
 b14e31849db8d62c1317ab2c80f779d9b8bfb39f 88912 inetutils-ping_2.6-3+deb13u3_riscv64.deb
 6499c4b93689389300e1329fdd2e2cf1628ec8f0 118792 inetutils-syslogd-dbgsym_2.6-3+deb13u3_riscv64.deb
 b932a459573e4727b690c4d1e67ad2dcb097f588 90644 inetutils-syslogd_2.6-3+deb13u3_riscv64.deb
 1b21c28f85f5721023f52107ff488878f75c7440 81576 inetutils-talk-dbgsym_2.6-3+deb13u3_riscv64.deb
 ccd4d36372e10f8779eecd9bae424880d1dc736f 72056 inetutils-talk_2.6-3+deb13u3_riscv64.deb
 7ea246883438bad0ba4db4de27ec23e75a0633f7 107964 inetutils-talkd-dbgsym_2.6-3+deb13u3_riscv64.deb
 83cf0c585c9bb8fa9806fb95c12a00cdc8a1bb68 78600 inetutils-talkd_2.6-3+deb13u3_riscv64.deb
 be4f8e184aa1937629cbe38c88e78cf140e734eb 219572 inetutils-telnet-dbgsym_2.6-3+deb13u3_riscv64.deb
 f233c390dca0c8bda6418e6a02caccbe52624040 129128 inetutils-telnet_2.6-3+deb13u3_riscv64.deb
 d193670fd3fc9ef476d493ec2dc25d75e68f1727 174832 inetutils-telnetd-dbgsym_2.6-3+deb13u3_riscv64.deb
 8943d2ce4c51d0d03dbe80482b3d9b9aba207142 110692 inetutils-telnetd_2.6-3+deb13u3_riscv64.deb
 02efd960dd9dcc444078f67634ff0ae11e5c974c 337672 inetutils-tools-dbgsym_2.6-3+deb13u3_riscv64.deb
 0ec1e6e52426f1b572552e1c9e1aebc461049c02 103860 inetutils-tools_2.6-3+deb13u3_riscv64.deb
 0067b6e48f7b964d709c4c72d007d30fb250fa98 83392 inetutils-traceroute-dbgsym_2.6-3+deb13u3_riscv64.deb
 cdf6117bfc7fc82015333da1de53bb6121f37eab 69636 inetutils-traceroute_2.6-3+deb13u3_riscv64.deb
 92d4deb3d956c0fe7931a8f1b04c1fd304a151a1 13036 inetutils_2.6-3+deb13u3_riscv64-buildd.buildinfo
Checksums-Sha256:
 d18a3ed464c2d22dfa59ec2da41a56aee5c6417e43d94e99043197eb747b004f 153664 inetutils-ftp-dbgsym_2.6-3+deb13u3_riscv64.deb
 404ce49ef5432634e79b1f04f93e927bf6a246d7f2ccfb3fb614fe1797a84f54 110096 inetutils-ftp_2.6-3+deb13u3_riscv64.deb
 d5558b93b2056c2d6e1bdeb8e268d3117dc86274c37ced4b985bafe18c19fdc2 184280 inetutils-ftpd-dbgsym_2.6-3+deb13u3_riscv64.deb
 176c8685051cb57c74f6dc8f13ca5e2c6453c745349bea665a2c3a51e60ef869 111552 inetutils-ftpd_2.6-3+deb13u3_riscv64.deb
 b8fa6e68c22ab5beaa29fa7cb40cde5d05344f40d39891b70f951bf3272442d0 101520 inetutils-inetd-dbgsym_2.6-3+deb13u3_riscv64.deb
 eb23f66b0ee633aafcd9dad3732dbc223936d9da6b8e8d5cc192e064c8003ac5 84700 inetutils-inetd_2.6-3+deb13u3_riscv64.deb
 e4d75f30b21cec4081deb6366d2b01c2d42168d1d742e1dd6b22ad5c345ba6e7 189988 inetutils-ping-dbgsym_2.6-3+deb13u3_riscv64.deb
 c734c47c55f9c5be6f8f23ca39f7f5f1836ac8cda254d643c19af2064014b1e0 88912 inetutils-ping_2.6-3+deb13u3_riscv64.deb
 60ba9dfb369e18c44cf0b1fa563b0f3e9f79a33d1430e051076261227c6889ec 118792 inetutils-syslogd-dbgsym_2.6-3+deb13u3_riscv64.deb
 0a01f878ec9551de7501cf6774f9ebbd86505abd89e3188894f7b55355a1249a 90644 inetutils-syslogd_2.6-3+deb13u3_riscv64.deb
 94312ac3392ec6447b3eab0b3c6c4ee68ba539e6e543a9db45a89b2501868e94 81576 inetutils-talk-dbgsym_2.6-3+deb13u3_riscv64.deb
 0175f6ee35894db47a11d0666db094d6593452aefdc19107a0c3bb44104756e0 72056 inetutils-talk_2.6-3+deb13u3_riscv64.deb
 5afc4ee22577a3da70ef742fe79403aeb3d1435b5d4fb4946676e8ebac545b6c 107964 inetutils-talkd-dbgsym_2.6-3+deb13u3_riscv64.deb
 8ad999dc60a7f97597126911cac8e4f78644cedc3e88168dfa1e8dd0588244b1 78600 inetutils-talkd_2.6-3+deb13u3_riscv64.deb
 13abfcacef4cd3d90a9c1ce3e1f2f604f4bfcb6ab2bff7c19d58d2cf188697ea 219572 inetutils-telnet-dbgsym_2.6-3+deb13u3_riscv64.deb
 53f4cdd2632285320a7cf61ea8b1e67620d3ecb8037070174151419d2c98868e 129128 inetutils-telnet_2.6-3+deb13u3_riscv64.deb
 02c9fd62db603800f692536788d98dbd44b678df1d6f7321f4916be551e7865c 174832 inetutils-telnetd-dbgsym_2.6-3+deb13u3_riscv64.deb
 9e316a72eb7f0098be6c16d2e01a5d70ecf0638621960533e9db7889699744a0 110692 inetutils-telnetd_2.6-3+deb13u3_riscv64.deb
 73361d90d26045b303bcec9efed54c043f031da254de49adb262424869f5eb8f 337672 inetutils-tools-dbgsym_2.6-3+deb13u3_riscv64.deb
 db10e513224d68bf7b93b6b1b46fe8cf54b989554ab1401350f84bf4271eb6ce 103860 inetutils-tools_2.6-3+deb13u3_riscv64.deb
 5a38e4e2b5c604d61270ae56dab4685fcee3b3c1b768f08c577b623a95056d6f 83392 inetutils-traceroute-dbgsym_2.6-3+deb13u3_riscv64.deb
 450af226046db4cc44fd04748fddfa22117226e575d2b1f589a147d8ca7e5b72 69636 inetutils-traceroute_2.6-3+deb13u3_riscv64.deb
 bbc17a535384c26f6e21e5dd765127ed40f57a163ce191edaf35daf0a25129b6 13036 inetutils_2.6-3+deb13u3_riscv64-buildd.buildinfo
Files:
 ad4e4dcf647a253385846d2a3e05284a 153664 debug optional inetutils-ftp-dbgsym_2.6-3+deb13u3_riscv64.deb
 f7c1f0471cffd104fbe29bbb7d746c37 110096 net optional inetutils-ftp_2.6-3+deb13u3_riscv64.deb
 fc910ca165e710385ff86ef07b0a9122 184280 debug optional inetutils-ftpd-dbgsym_2.6-3+deb13u3_riscv64.deb
 3c20e817da1b08d46e45b60bafca469f 111552 net optional inetutils-ftpd_2.6-3+deb13u3_riscv64.deb
 d05c8413d4da26d88a2d736acb63f039 101520 debug optional inetutils-inetd-dbgsym_2.6-3+deb13u3_riscv64.deb
 a379160a249b01794aab92ce1134e0a5 84700 net optional inetutils-inetd_2.6-3+deb13u3_riscv64.deb
 56d528fd1dc435bdf13628d7dc50b1f2 189988 debug optional inetutils-ping-dbgsym_2.6-3+deb13u3_riscv64.deb
 c7c9629c4e5f3f248fb9e478ef13559c 88912 net optional inetutils-ping_2.6-3+deb13u3_riscv64.deb
 6184f2a21187680ca49980cda5f036fc 118792 debug optional inetutils-syslogd-dbgsym_2.6-3+deb13u3_riscv64.deb
 4469236c49f907627e0e9ce1e00c9ef0 90644 net optional inetutils-syslogd_2.6-3+deb13u3_riscv64.deb
 2d1d61c9d065eaac5daaf730d1d99f36 81576 debug optional inetutils-talk-dbgsym_2.6-3+deb13u3_riscv64.deb
 2ee2500af9922d3f9b84163a04336c80 72056 net optional inetutils-talk_2.6-3+deb13u3_riscv64.deb
 6222b8e6d02303b2ad9354077e24ab03 107964 debug optional inetutils-talkd-dbgsym_2.6-3+deb13u3_riscv64.deb
 39a2b742c1871152e9f0c2b7a3cb944e 78600 net optional inetutils-talkd_2.6-3+deb13u3_riscv64.deb
 d9ac6a4df88b299973043f9e62945d21 219572 debug optional inetutils-telnet-dbgsym_2.6-3+deb13u3_riscv64.deb
 c24c88567992c8ad9735541899c7088e 129128 net standard inetutils-telnet_2.6-3+deb13u3_riscv64.deb
 2cdeb2cf6f01d6f732d63583c3e9b62b 174832 debug optional inetutils-telnetd-dbgsym_2.6-3+deb13u3_riscv64.deb
 e047f2e8a7d97784acc7eea29465a767 110692 net optional inetutils-telnetd_2.6-3+deb13u3_riscv64.deb
 27acfcae28685f651b5d08ee63fc062c 337672 debug optional inetutils-tools-dbgsym_2.6-3+deb13u3_riscv64.deb
 1747110b95cb85aa574830d2d8299e4c 103860 net optional inetutils-tools_2.6-3+deb13u3_riscv64.deb
 0971403abf988b9e5d468005833cc710 83392 debug optional inetutils-traceroute-dbgsym_2.6-3+deb13u3_riscv64.deb
 28be9455938fb9b4623fe353d28ac2df 69636 net optional inetutils-traceroute_2.6-3+deb13u3_riscv64.deb
 a190455f56929cb19492f5c2ae0dbc11 13036 net optional inetutils_2.6-3+deb13u3_riscv64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpWtAFYomK/29mcYCqTndZcwOQoMFAmnL5icACgkQqTndZcwO
QoPocQ/+KgfU/wZoeAEBzJ45XApjQCeWVpu7MH/iAlF0Alc6aepduzH3uYSrkY1m
HoYpmZdFglJZ5f/hGsNmlmKjpt6ARHx6Wpb9fa9W+x2YMeFKXaVLDMf4s9Q72IlB
lyVp/c6xLrNF5YKipRElt6G8U0Ut7Z/MYce40I/voDFcwiCju6xn+R/IllmZylvX
DXRBHyd1W/m7P7sdVLOtB5EB4mPUjHCfZEF5Cn/2o7useM1o2lG+cL+wZ+qTBd+/
E0qFso43f+XslFmT0weuXzGz2/lAcGdMWLKg6z4Z/qXf+XTh68ZWgqZCO/wIWyt1
WYLz+OnuAuYn3x4rtAGGvN0wW4Iqp/yTpOTAKgdkIVPwEQg2o0iGAqM1Dzof4Yad
kFAkRaHayzhnmkOO+EUqG0F8fHUjmAvLjAQk9ibKJwMHmusSpmnUQ6j+vBAPhrUm
aMQEvDTIpYMHlxBinK78GrzA92bCOP8dQgCRRgrXAP/7aYOmg44epwa3JzNRIu2f
X6QMLWyB5SH2selaNzoUuTcpRDd7N/ukEo4eM0E2Mx7dyl4OYwPlJj73PAH56b7T
ToFrPI5F1C8d8YOmzS5tZ3zZMdnyzokkivpoLgMvAMAS+xG3fQb7fYh1Tc2lGb1s
nsiVoTM855UnnAdR4IJ6Kx1QX05xb93m++F/lN28djrl5uRh+SI=
=3YQ8
-----END PGP SIGNATURE-----