Re: telnetd security vulnerability CVE-2020-10188

From: Alfred M. Szmidt
Subject: Re: telnetd security vulnerability CVE-2020-10188
Date: Sat, 11 Apr 2020 13:03:34 -0400

   > Thank you for your bug report, please specify which inetutils versions
   > you are referring to in pristine condition without any patches.  You
   > mention an assert, which assert exactly?

   The inetutils version in Debian is based off upstream's 1.9.4 with
   30 patches from upstream git master, plus 7 local patches (only 3
   of which are pending and relevant to be sent upstream) and all of
   these local patches are completely irrelevant to the issue at hand.

That is a premature and irresponsible decision to make.  Those that
maintain inetutils cannot possibly know that.

   The assert is from the python PoC itself. I also mentioned that I've
   not done any proper analysis on anything, not even properly read the
   full advisory, and while my guess is that upstream pristine inetutils
   is pretty much affected, I cannot confirm it. But provided enough
   information, links and context to go from here, which apparently has
   gone unread.

Clearly, that isn't the case -- since _I_ answer the email.  What is
clear is that Debian has no interest in working with upstream.  You
are more insistent on putting blame on people working on the code than
on actually taking responsibility and trying to correct the situation.

   So please, someone, take a proper look at the aforementioned information,
   and go from there.

Can you do so, instead of going off on tangents?

