* Alexander Bochmann <[email protected]>, 2026-01-21 00:16:
...on 2026-01-20 15:00:07, Simon Josefsson wrote:
Vulnerable versions: GNU InetUtils since version 1.9.3 up to and
including version 2.7.
Looking at Debian, this gets even more hilarious... Their
changelog for inetutils has:
inetutils (2:1.9.4-7) unstable; urgency=medium
[..]
* Take several patches from upstream git master:
[..]
- 0028-telnetd-Scrub-USER-from-environment.patch
I think this is unrelated.
The bug is reproducible with inetutils-telnetd 2:1.9.4-7 too.
--
Jakub Wilk
