* Andreas Henriksson <andr...@fatal.se> [210215 01:29]: > On Sun, Feb 07, 2021 at 09:06:28PM +0100, Salvatore Bonaccorso wrote: > It's not like inetutils is a shining example of perfectness either. > > #945861 inetutils: CVE-2019-0053 > > The inetutils also doesn't ship all tools and recommends > using existing ones including netkit (eg. in #672295). [..]
> > > 1) open bug #974428, causes telnetd to crash, remotely triggerable > > > > The first issue, if there a verified patch might be good to fix in > > time for bullseye. > > I've pondered uploading the posted patch and since the last maintainer > upload was in 2016 I'd orphan the package while doing so.... but I'll > consider hijacking it on Christoph Biedl's behalf if he's interested > in maintaining it still. > > Unless there's a conclusion about this bug report I don't really see > much point in proceeding though. I was hoping someone would jump in here and say "I'm using a telnet server in 2021, and want to maintain it". But... not happening apparently. Personally I would favor keeping netkit-telnet, but turning off telnetd. As Salvatore said, this might have to wait for bookworm. Maybe upload the patch now (closing both bugs), and I'll see if I remember to remove telnetd for bookworm? :-) Chris