[Git][security-tracker-team/security-tracker][master] CVE-2026-28372/inetutils assigned

Fri Feb 27 05:58:52 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
517f6a20 by Salvatore Bonaccorso at 2026-02-27T06:58:15+01:00
CVE-2026-28372/inetutils assigned

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4913,9 +4913,8 @@ CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
 	NOTE: Same fix as for CVE-2026-2050 (main tracked upstream, considered duplicate)
-CVE-2026-XXXX [telnetd: don't allow systemd service credentials]
+CVE-2026-28372 [telnetd: don't allow systemd service credentials]
 	- inetutils 2:2.7-3
-	[trixie] - inetutils 2:2.6-3+deb13u2
 	[bookworm] - inetutils <ignored> (Not exploitable with util-linux/login Version in Debian bookworm)
 	[bullseye] - inetutils <ignored> (Not exploitable with util-linux/login Version in Debian bullseye)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html


=====================================
data/DSA/list
=====================================
@@ -26,6 +26,7 @@
 	[bookworm] - nova 2:26.2.2-1~deb12u4
 	[trixie] - nova 2:31.0.0-6+deb13u2
 [19 Feb 2026] DSA-6144-1 inetutils - security update
+	{CVE-2026-28372}
 	[trixie] - inetutils 2:2.6-3+deb13u2
 [19 Feb 2026] DSA-6143-1 libvpx - security update
 	{CVE-2026-2447}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/517f6a20b6d66ac2b24d4b8d94ac1330abe01ebb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/517f6a20b6d66ac2b24d4b8d94ac1330abe01ebb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260227/1aaedaaf/attachment-0001.htm>
