oss-sec mailing list archives

CVE-2026-28372: Telnetd Vulnerability Report

From: Guillem Jover <guillem () debian org>
Date: Fri, 27 Feb 2026 13:09:57 +0100

Hi!

On Tue, 2026-02-24 at 11:57:34 +0200, Ron Ben Yizhak wrote:

I’d like to ensure we follow the standard CVE process here. Standard
practice dictates that a CVE is issued per individual fix. Generally, once
a fix is merged and released, it is assigned its own CVE. Even if that fix
is later bypassed, the original merge stands as a unique event in the
codebase, meaning we should issue two separate CVEs rather than grouping
them.


Salvatore Bonaccorso from the Debian Security Team got a CVE assigned
for this, see <https://www.cve.org/CVERecord?id=CVE-2026-28372>. I'll
update the Debian packaging on the next upload to point to that.

Thanks,
Guillem

Current thread:

Re: Telnetd Vulnerability Report, (continued)
- - Re: Telnetd Vulnerability Report Solar Designer (Feb 23)
    - Re: Telnetd Vulnerability Report Justin Swartz (Mar 07)
    - Re: Telnetd Vulnerability Report Solar Designer (Mar 07)
    - Re: Telnetd Vulnerability Report Justin Swartz (Mar 07)
    - Re: Telnetd Vulnerability Report Justin Swartz (Mar 07)
    - Re: Telnetd Vulnerability Report Solar Designer (Mar 08)
    - Re: Telnetd Vulnerability Report Justin Swartz (Mar 08)
    - Re: Telnetd Vulnerability Report Solar Designer (Mar 08)
    - Re: Re: Telnetd Vulnerability Report Pat Gunn (Mar 07)
- Re: Telnetd Vulnerability Report Ron Ben Yizhak (Feb 24)
  - CVE-2026-28372: Telnetd Vulnerability Report Guillem Jover (Feb 27)
    - Re: CVE-2026-28372: Telnetd Vulnerability Report Solar Designer (Mar 06)
    - Re: CVE-2026-28372: Telnetd Vulnerability Report Guillem Jover (Mar 06)
    - Re: CVE-2026-28372: Telnetd Vulnerability Report Salvatore Bonaccorso (Mar 07)
    - Re: CVE-2026-28372: Telnetd Vulnerability Report Guillem Jover (Mar 07)
- Message not available
  - Re: Re: Telnetd Vulnerability Report kf503bla (Feb 24)
    - Re: Telnetd Vulnerability Report Solar Designer (Feb 24)
    - Re: Telnetd Vulnerability Report Lyndon Nerenberg (VE7TFX/VE6BBM) (Feb 24)
    - Re: Telnetd Vulnerability Report Vincent Lefevre (Feb 24)
    - Message not available
    - Re: Telnetd Vulnerability Report kf503bla (Feb 25)
    - Re: Telnetd Vulnerability Report Solar Designer (Feb 25)

(Thread continues...)