[Git][security-tracker-team/security-tracker][master] Reserve DSA number for inetutils update

Fri Apr 3 13:40:25 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93f67d00 by Salvatore Bonaccorso at 2026-04-03T14:39:53+02:00
Reserve DSA number for inetutils update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22395,11 +22395,12 @@ CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
 CVE-2026-28372 (telnetd in GNU inetutils through 2.7 allows privilege escalation that  ...)
 	{DSA-6144-1}
 	- inetutils 2:2.7-3
-	[bookworm] - inetutils <ignored> (Not exploitable with util-linux/login Version in Debian bookworm)
+	[bookworm] - inetutils 2:2.4-2+deb12u3
 	[bullseye] - inetutils <ignored> (Not exploitable with util-linux/login Version in Debian bullseye)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html
 	NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=4db2f19f4caac03c7f4da6363c140bd70df31386
 	NOTE: systemd service credentials support for login(1) from util-linux introduced in 2.40 release
+	NOTE: Not exploitable with util-linux/logins versions before adding this support.
 CVE-2026-2545 (A weakness has been identified in LigeroSmart up to 6.1.26. Impacted i ...)
 	NOT-FOR-US: LigeroSmart
 CVE-2026-2544 (A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. Th ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[03 Apr 2026] DSA-6193-1 inetutils - security update
+	{CVE-2026-32746 CVE-2026-32772}
+	[bookworm] - inetutils 2:2.4-2+deb12u3
+	[trixie] - inetutils 2:2.6-3+deb13u3
 [02 Apr 2026] DSA-6192-1 chromium - security update
 	{CVE-2026-5272 CVE-2026-5273 CVE-2026-5274 CVE-2026-5275 CVE-2026-5276 CVE-2026-5277 CVE-2026-5278 CVE-2026-5279 CVE-2026-5280 CVE-2026-5281 CVE-2026-5282 CVE-2026-5283 CVE-2026-5284 CVE-2026-5285 CVE-2026-5286 CVE-2026-5287 CVE-2026-5288 CVE-2026-5289 CVE-2026-5290 CVE-2026-5291 CVE-2026-5292}
 	[bookworm] - chromium 146.0.7680.177-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -33,9 +33,6 @@ git-lfs
 --
 imagemagick/oldstable
 --
-inetutils
-  Maintainer prepared debdiff for trixie, next on bookworm
---
 isc-kea/oldstable
 --
 jackson-core



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93f67d000615b2665ba65c9fb2c579e61cea3a40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93f67d000615b2665ba65c9fb2c579e61cea3a40
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/4a56412c/attachment-0001.htm>
