Package: sysrqd Version: 14-1+b2 Severity: normal Dear Maintainer,
version of sysrqd packaged in Debian has bug in check of inet_aton() return value. You already have a fix for it in your upstream: https://github.com/jd/sysrqd/commit/0e087c65200f5bbea8c22faea1a4643a1035cb85 Can you please update sysrqd package, so this patch will get to the Debian? I think, someone may consider this even as a security issue: If admin tries to configure sysrqd to listen only on local ip address (e.g. management network), sysrqd will instead bind to all addresses - including the publicly available. Thank you, Jan -- System Information: Debian Release: 10.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-9-amd64 (SMP w/16 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages sysrqd depends on: ii libc6 2.28-10 sysrqd recommends no packages. sysrqd suggests no packages. -- no debconf information