Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aaGJlbbLS7cp0H-i@thunder.hadrons.org>
Date: Fri, 27 Feb 2026 13:09:57 +0100
From: Guillem Jover <guillem@...ian.org>
To: Ron Ben Yizhak <ron.benyizhak@...ebreach.com>
Cc: Justin Swartz <justin.swartz@...ingedge.co.za>, bug-inetutils@....org,
	oss-security@...ts.openwall.com, simon@...efsson.org,
	auerswal@...x-ag.uni-kl.de,
	Salvatore Bonaccorso <carnil@...ian.org>
Subject: CVE-2026-28372: Telnetd Vulnerability Report

Hi!

On Tue, 2026-02-24 at 11:57:34 +0200, Ron Ben Yizhak wrote:
> I’d like to ensure we follow the standard CVE process here. Standard
> practice dictates that a CVE is issued per individual fix. Generally, once
> a fix is merged and released, it is assigned its own CVE. Even if that fix
> is later bypassed, the original merge stands as a unique event in the
> codebase, meaning we should issue two separate CVEs rather than grouping
> them.

Salvatore Bonaccorso from the Debian Security Team got a CVE assigned
for this, see <https://www.cve.org/CVERecord?id=CVE-2026-28372>. I'll
update the Debian packaging on the next upload to point to that.

Thanks,
Guillem

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.