Re: telnetd security vulnerability CVE-2020-10188

From: Guillem Jover
Subject: Re: telnetd security vulnerability CVE-2020-10188
Date: Sat, 11 Apr 2020 20:06:20 +0200

On Sat, 2020-04-11 at 13:03:34 -0400, Alfred M. Szmidt wrote:
>    > Thank you for your bug report, please specify which inetutils versions
>    > you are referring to in pristine condition without any patches.  You
>    > mention an assert, which assert exactly?
>    The inetutils version in Debian is based off upstream's 1.9.4 with
>    30 patches from upstream git master, plus 7 local patches (only 3
>    of which are pending and relevant to be sent upstream) and all of
>    these local patches are completely irrelevant to the issue at hand.
> That is a premature, and irresponsible decision to make.  Those that
> maintain inetutils cannot possibly know that.
>    The assert is from the python PoC itself. I also mentioned that I've
>    not done any proper analysis on anything, not even properly read the
>    full advisory, and while my guess is that upstream pristine inetutils
>    is pretty much affected, I cannot confirm it. But provided enough
>    information, links and context to go from here, which apparently has
>    gone unread.
> Clearly, that isn't the case -- since _I_ answer the email.  What is
> clear is that Debian has no interest in working with upstream.  You
> are more insistent to put blame on people working on the code than
> actually take responsibility and trying to correct the situation.

Oh wow, this is all from the start a great example of the GNU Kind
Communication Guidelines being in play…

>    So please, someone, take a proper look at the aforementioned information,
>    and go from there.
> Can you do so, instead of going off tangents?

Err, seriously? No… right now I've got zero motivation to even think
about dealing with this… I'm out.

