[Git][security-tracker-team/security-tracker][master] Track CVE-2020-10188/inetutils as fixed via unstable

Salvatore Bonaccorso carnil at debian.org
Tue Apr 14 04:32:49 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38872a14 by Salvatore Bonaccorso at 2020-04-14T05:31:47+02:00
Track CVE-2020-10188/inetutils as fixed via unstable

Note though, that Guillem Jover is adding:

   * Add patch from Red Hat / Fedora:
     - Fix arbitrary remote code execution in telnetd via short writes or
       urgent data. Fixes CVE-2020-10188. Closes: #956084
       Thanks to Michal Ruprich <michalruprich at gmail.com>.
       Note: While the PoC exploit does not work on inetutils due to the
       different codebases, the adapted patch was close enough to apply almost
       directly, even though the information leak might appear to still remain.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3976,7 +3976,7 @@ CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenti
 CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
-	- inetutils <unfixed> (bug #956084)
+	- inetutils 2:1.9.4-12 (bug #956084)
 	- netkit-telnet 0.17-18woody2 (bug #953477)
 	- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
 	NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
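Review bot: the `+	- inetutils 2:1.9.4-12 (bug #956084)` line records inetutils as cleanly fixed, but the commit message says the patch was adapted from a different codebase and that the information leak might appear to still remain, and nothing in the entry carries that caveat. Consider adding a NOTE line under the CVE-2020-10188 entry, beside the existing appgateresearch NOTE, stating that the inetutils fix is the adapted Red Hat / Fedora patch and that the leak may not be fully addressed. That way a reader of data/CVE/list who does not see the commit log still gets the qualification.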



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38872a147214d15583a37bfe5771e3910c14b40d
