new file mode 100644
@@ -0,0 +1,72 @@
+From 1949388e52acd343bb3e366d816b33912e38db39 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@debian.org>
+Date: Sun, 28 Aug 2022 15:07:29 +0200
+Subject: [PATCH] Fix remote DoS vulnerability in inetutils-telnetd
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is caused by a crash by a NULL pointer dereference when sending
+the byte sequences «0xff 0xf7» or «0xff 0xf8».
+
+Found-by: Pierre Kim and Alexandre Torres
+Patch-adapted-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
+
+CVE: CVE-2022-39028
+Upstream-Status: Backport [https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ .../inetutils-telnetd-EC_EL_null_deref.patch | 43 +++++++++++++++++++
+ 1 file changed, 43 insertions(+)
+ create mode 100644 debian/patches/inetutils-telnetd-EC_EL_null_deref.patch
+
+diff --git a/debian/patches/inetutils-telnetd-EC_EL_null_deref.patch b/debian/patches/inetutils-telnetd-EC_EL_null_deref.patch
+new file mode 100644
+index 0000000..fac5e3f
+--- /dev/null
++++ b/debian/patches/inetutils-telnetd-EC_EL_null_deref.patch
+@@ -0,0 +1,43 @@
++Description: Fix remote DoS vulnerability in inetutils-telnetd
++ This is caused by a crash by a NULL pointer dereference when sending the
++ byte sequences «0xff 0xf7» or «0xff 0xf8».
++Authors:
++ Pierre Kim (original patch),
++ Alexandre Torres (original patch),
++ Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch),
++Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
++Origin: upstream
++Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
++Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
++Last-Update: 2022-08-28
++
++
++diff --git a/telnetd/state.c b/telnetd/state.c
++index ffc6cbaf..c2d760f8 100644
++--- a/telnetd/state.c
+++++ b/telnetd/state.c
++@@ -312,15 +312,21 @@ telrcv (void)
++ case EC:
++ case EL:
++ {
++- cc_t ch;
+++ cc_t ch = (cc_t) (_POSIX_VDISABLE);
++
++ DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
++ ptyflush (); /* half-hearted */
++ init_termbuf ();
++ if (c == EC)
++- ch = *slctab[SLC_EC].sptr;
+++ {
+++ if (slctab[SLC_EC].sptr)
+++ ch = *slctab[SLC_EC].sptr;
+++ }
++ else
++- ch = *slctab[SLC_EL].sptr;
+++ {
+++ if (slctab[SLC_EL].sptr)
+++ ch = *slctab[SLC_EL].sptr;
+++ }
++ if (ch != (cc_t) (_POSIX_VDISABLE))
++ pty_output_byte ((unsigned char) ch);
++ break;
@@ -14,6 +14,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/netkit-telnet_${PV}.orig.tar.gz
file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \
file://CVE-2020-10188.patch \
file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \
+ file://CVE-2022-39028.patch \
"
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/"
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39028 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../netkit-telnet/files/CVE-2022-39028.patch | 72 +++++++++++++++++++ .../netkit-telnet/netkit-telnet_0.17.bb | 1 + 2 files changed, 73 insertions(+) create mode 100644 meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch