Guillem Jover <guil...@hadrons.org> writes:

> [ Resending with To trimmed. ]
>
> Hi!
>
> On Tue, 2022-08-30 at 22:57:51 +0200, Guillem Jover wrote:
>> On Sun, 2022-08-28 at 14:40:44 +0200, Erik Auerswald wrote:
>> > On Sat, Aug 27, 2022 at 07:37:15PM +0200, Erik Auerswald wrote:
>> > > someone has described a remote DoS vulnerability in
>> > > many telnetd implementations that I just happened to
>> > > stumble over:
>> > >
>> > > https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
>> > >
>> > > The vulnerability is a NULL pointer dereference when
>> > > reading either of two two byte sequences:
>> > >
>> > > 1: 0xff 0xf7
>> > > 2: 0xff 0xf8
>> > >
>> > > The blog shows GNU Inetutils' telnetd as vulnerable:
>> > >
>> > > https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html#remote-dos-inetutils
>>
>> This has been assigned CVE-2022-39028 (I think from the Debian pool),
>> after I reported it to the Debian security team.
>
> While it might have been nice to get this in the commit message, I
> think it would still be nice to add a reference in the NEWS. :)

Added, thank you.

https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=6c3c6acaf352151c6155a8cd78fe490148d0e22a

/Simon