I've been notified of a security vulnerability in inetutils telnetd, which was reported initially against netkit-telnet, but that one has been fixed in Debian for a very long time (around two decades ago [N]).
Thank you for your bug report, please specify which inetutils versions you are refering to in pristine condition without any patches. You mention an assert, which assert exactly? And since Debian supposedly fixed this two decades ago, why have they not sent this to upstream? The nonchalance from Debian by refusing to report bugs to upstream is getting quite tiresome.
