[Git][security-tracker-team/security-tracker][master] CVE-2026-28372/inetutils assigned

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
517f6a20 by Salvatore Bonaccorso at 2026-02-27T06:58:15+01:00
CVE-2026-28372/inetutils assigned

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4913,9 +4913,8 @@ CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at 
rgbe.c]
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gegl/-/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
        NOTE: Same fix as for CVE-2026-2050 (main tracked upstream, considered 
duplicate)
-CVE-2026-XXXX [telnetd: don't allow systemd service credentials]
+CVE-2026-28372 [telnetd: don't allow systemd service credentials]
        - inetutils 2:2.7-3
-       [trixie] - inetutils 2:2.6-3+deb13u2
        [bookworm] - inetutils <ignored> (Not exploitable with util-linux/login 
Version in Debian bookworm)
        [bullseye] - inetutils <ignored> (Not exploitable with util-linux/login 
Version in Debian bullseye)
        NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html


=====================================
data/DSA/list
=====================================
@@ -26,6 +26,7 @@
        [bookworm] - nova 2:26.2.2-1~deb12u4
        [trixie] - nova 2:31.0.0-6+deb13u2
 [19 Feb 2026] DSA-6144-1 inetutils - security update
+       {CVE-2026-28372}
        [trixie] - inetutils 2:2.6-3+deb13u2
 [19 Feb 2026] DSA-6143-1 libvpx - security update
        {CVE-2026-2447}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/517f6a20b6d66ac2b24d4b8d94ac1330abe01ebb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/517f6a20b6d66ac2b24d4b8d94ac1330abe01ebb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits