Debian Security Advisory 569-1 - invalid free(3) in netkit-telnet-ssl. This advisory describes patching for a hole found in netkit-telnet-ssl which may allow for remote code execution as whatever user runs telnetd, which would typically be the telnetd user. The issue is corrected in 0.17.17+0.1-2woody2 (stable) or 0.17.24+0.1-4 (unstable). Issue discovered by Michal Zalewski.
4c9cedabacc6129768c28a491660d95ee2da7fdf06dfe2847138a00934f1b34f
Debian Security Advisory DSA 556-1 - Due to a bug in the netkit-telnet server (telnetd), an a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
ec4755f9d76dfa4e46939a05ae1657c36bf2ae1df7bb22a5ed874747052b57ad