| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0002-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch | [PATCH 2/2] ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check set*id() return values Several setuid(), setgid(), seteuid() and setguid() return values were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially leading to potential security issues. |
Jeffrey Bencteux <jeffbencteux@gmail.com> | not-needed | upstream, commit:e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 | 2023-06-30 | |
| 0001-inetd-Change-protocol-semantics-in-inetd.conf.patch | [PATCH 1/2] inetd: Change protocol semantics in inetd.conf Readd parts of the original patch that got botched when applied upstream. * src/inetd.c (getconfigent) [IPV6]: Change default family to IPv4 for "tcp" and "udp". Change "tcp6" and "udp6" to support IPv4 mapped addresses. |
Guillem Jover <guillem@hadrons.org> | no | 2010-09-06 | ||
| 0002-build-Disable-GFDL-info-files-and-useless-man-pages.patch | [PATCH 2/2] build: Disable GFDL info files and useless man pages We do not install the info file due to GFDL, and because it would require an inetutils-doc package. Nor the man pages from upstream generated with help2man as they are problematic for cross-building and contain no additional information to what is already available via --help output. Instead we ship our own proper man pages. Not forwarded upstream due to GNU policies regarding man pages. |
Guillem Jover <guillem@hadrons.org> | no | 2010-06-09 | ||
| 0001-telnet-Add-checks-for-option-reply-parsing-limits.patch | [PATCH] telnet: Add checks for option reply parsing limits This fixes buffer overflows caused by for example: telnet -l`perl -e 'print "A"x5000'` localhost Taken from FreeBSD. |
Guillem Jover <guillem@hadrons.org> | no | 2021-09-03 | ||
| 0001-telnet-Don-t-infloop-for-malicious-server.patch | [PATCH] telnet: Don't infloop for malicious server. See https://bugs.debian.org/945861 and the tiny patch used by NetBSD: https://github.com/NetBSD/src/commit/36b8cfb2e28f691beae12da0c207086e1df0c8c4#diff-38b7213f9c6c21245fbeb4fad9520a27239d712a6dd0fea20dd6b77203b5737c * telnet/utilities.c (ExitString): Don't call SetForExit(). diff --git a/telnet/utilities.c b/telnet/utilities.c index 85fd4762..08571cd4 100644 |
Simon Josefsson <simon@josefsson.org> | no | 2021-09-03 | ||
| 0001-ftp-check-that-PASV-LSPV-addresses-match.patch | [PATCH] ftp: check that PASV/LSPV addresses match. * ftp/ftp.c (initconn): Validate returned addresses. |
Simon Josefsson <simon@josefsson.org> | no | 2021-09-01 | ||
| inetutils-telnetd-EC_EL_null_deref.patch | Fix remote DoS vulnerability in inetutils-telnetd This is caused by a crash by a NULL pointer dereference when sending the byte sequences 0xff 0xf7 or 0xff 0xf8. Authors: Pierre Kim (original patch), Alexandre Torres (original patch), Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch), |
yes | upstream | 2022-08-28 |