Package: sysrqd
Version: 14-1+b2
Severity: normal
Dear Maintainer,
version of sysrqd packaged in Debian has bug in check of inet_aton() return
value.
You already have a fix for it in your upstream:
https://github.com/jd/sysrqd/commit/0e087c65200f5bbea8c22faea1a4643a1035cb85
Can you please update sysrqd package, so this patch will get to the Debian?
I think, someone may consider this even as a security issue: If admin tries to
configure sysrqd to listen only on local ip address (e.g. management network),
sysrqd will instead bind to all addresses - including the publicly available.
Thank you,
Jan
-- System Information:
Debian Release: 10.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-9-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages sysrqd depends on:
ii libc6 2.28-10
sysrqd recommends no packages.
sysrqd suggests no packages.
-- no debconf information
