Report forwarded to debian-bugs-dist@lists.debian.org, Robert Millan <rmh@debian.org>: Bug#273694; Package telnetd.
(full text, mbox, link).
Acknowledgement sent to Jeroen van Wolffelaar <jeroen@wolffelaar.nl>:
New Bug report received and forwarded. Copy sent to Robert Millan <rmh@debian.org>.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Robert Millan <rmh@debian.org>: Bug#273694; Package telnetd.
(full text, mbox, link).
Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to Robert Millan <rmh@debian.org>.
(full text, mbox, link).
To: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>,
273694@bugs.debian.org
Subject: Re: Bug#273694: telnetd said to have security hole (remote root)
Date: Mon, 27 Sep 2004 10:59:08 -0700
On Mon, Sep 27, 2004 at 07:30:46PM +0200, Jeroen van Wolffelaar wrote:
> Package: telnetd
> Severity: grave
> Tags: security woody sarge sid
>
> Telnetd is said[1][2] to have a Debian-specific remote root security hole,
> in all suites, and Matt Zimmerman is said to have confirmed the issue for
> woody.
As far as we can tell, the issue is a DoS, and not in fact the old AYT bug
that Michal claims. We have a patch and are awaiting a CAN assignment for
this bug.
In other words, no cause for panic.
--
- mdz
Information forwarded to debian-bugs-dist@lists.debian.org, Robert Millan <rmh@debian.org>: Bug#273694; Package telnetd.
(full text, mbox, link).
Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to Robert Millan <rmh@debian.org>.
(full text, mbox, link).
To: Matt Zimmerman <mdz@debian.org>, 273694@bugs.debian.org
Subject: Re: Bug#273694: Patch
Date: Tue, 28 Sep 2004 00:31:04 +0200
On Mon, Sep 27, 2004 at 02:22:15PM -0700, Matt Zimmerman wrote:
> tags 273694 patch
> thanks
>
> Patch from Herbert Xu to fix the bug.
Thanks. Fixed in unstable. Will you take care of woody/sarge?
--
.''`. Proudly running Debian GNU/kFreeBSD unstable/unreleased (on UFS2+S)
: :' :
`. `' http://www.debian.org/ports/kfreebsd-gnu
`-
Information forwarded to debian-bugs-dist@lists.debian.org, Robert Millan <rmh@debian.org>: Bug#273694; Package telnetd.
(full text, mbox, link).
Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to Robert Millan <rmh@debian.org>.
(full text, mbox, link).
On Tue, Sep 28, 2004 at 12:31:04AM +0200, Robert Millan wrote:
> On Mon, Sep 27, 2004 at 02:22:15PM -0700, Matt Zimmerman wrote:
> > tags 273694 patch
> > thanks
> >
> > Patch from Herbert Xu to fix the bug.
>
> Thanks. Fixed in unstable. Will you take care of woody/sarge?
woody, yes. sarge will either need the fix from unstable, or a
proposed-updates upload from you.
--
- mdz
Reply sent to Robert Millan <rmh@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Jeroen van Wolffelaar <jeroen@wolffelaar.nl>:
Bug acknowledged by developer.
(full text, mbox, link).
Subject: Bug#273694: fixed in netkit-telnet 0.17-26
Date: Mon, 27 Sep 2004 18:47:05 -0400
Source: netkit-telnet
Source-Version: 0.17-26
We believe that the bug you reported is fixed in the latest version of
netkit-telnet, which is due to be installed in the Debian FTP archive:
netkit-telnet_0.17-26.diff.gz
to pool/main/n/netkit-telnet/netkit-telnet_0.17-26.diff.gz
netkit-telnet_0.17-26.dsc
to pool/main/n/netkit-telnet/netkit-telnet_0.17-26.dsc
telnet_0.17-26_i386.deb
to pool/main/n/netkit-telnet/telnet_0.17-26_i386.deb
telnetd_0.17-26_i386.deb
to pool/main/n/netkit-telnet/telnetd_0.17-26_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 273694@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Robert Millan <rmh@debian.org> (supplier of updated netkit-telnet package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 28 Sep 2004 00:22:59 +0200
Source: netkit-telnet
Binary: telnetd telnet
Architecture: source i386
Version: 0.17-26
Distribution: unstable
Urgency: high
Maintainer: Robert Millan <rmh@debian.org>
Changed-By: Robert Millan <rmh@debian.org>
Description:
telnet - The telnet client.
telnetd - The telnet server.
Closes: 273694
Changes:
netkit-telnet (0.17-26) unstable; urgency=high
.
* telnetd/utility.c: Fix remote DOS hole (CAN-2004-0911). Thanks Herbert Xu.
(Closes: #273694)
Files:
a4f1cf736c480d339911b6c8a8a191f1 589 net standard netkit-telnet_0.17-26.dsc
bd782bc1a02ac832d5f66f0ffc4a356e 25188 net standard netkit-telnet_0.17-26.diff.gz
7a102906bb5576c94f31758fb46224e4 63840 net standard telnet_0.17-26_i386.deb
3f3fb892a4b322d967150bf263897ffa 40628 net optional telnetd_0.17-26_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBWJbmC19io6rUCv8RAholAJ90G1nWykTZcNTqiC6YqOtuBAWRxQCcCAP0
BauhZG7zC50VoFBug1VnQmU=
=usO9
-----END PGP SIGNATURE-----
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.