diff -pruN 2:2.4-2/debian/changelog 2:2.4-2ubuntu2/debian/changelog
--- 2:2.4-2/debian/changelog	2023-01-17 23:23:52.000000000 +0000
+++ 2:2.4-2ubuntu2/debian/changelog	2023-09-13 16:52:04.000000000 +0000
@@ -1,3 +1,19 @@
+inetutils (2:2.4-2ubuntu2) mantic; urgency=medium
+
+  * SECURITY UPDATE: Privilege escalation
+    - debian/patches/CVE-2023-40303.patch: check setuid, setguid return values
+      in ftpd/ftpd.c, src/rpc.c, src/rlogin.c, src/rsh.c, src/rshd.c,
+      src/uucpd.c.
+    - CVE-2023-40303
+
+ -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Wed, 13 Sep 2023 13:52:04 -0300
+
+inetutils (2:2.4-2ubuntu1) lunar; urgency=medium
+
+  * Do not test the inetutils-ping package (LP: #2009814)
+
+ -- Dominik Viererbe <dominik.viererbe@canonical.com>  Thu, 23 Mar 2023 11:32:35 +0200
+
 inetutils (2:2.4-2) unstable; urgency=medium
 
   * Add support for new RFC4443 ICMPv6 destination unreachable codes.
diff -pruN 2:2.4-2/debian/control 2:2.4-2ubuntu2/debian/control
--- 2:2.4-2/debian/control	2023-01-17 23:23:52.000000000 +0000
+++ 2:2.4-2ubuntu2/debian/control	2023-03-23 09:32:35.000000000 +0000
@@ -1,7 +1,8 @@
 Source: inetutils
 Section: net
 Priority: optional
-Maintainer: Guillem Jover <guillem@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Guillem Jover <guillem@debian.org>
 Vcs-Browser: https://git.hadrons.org/cgit/debian/pkgs/inetutils.git
 Vcs-Git: https://git.hadrons.org/git/debian/pkgs/inetutils.git
 Homepage: https://www.gnu.org/software/inetutils/
diff -pruN 2:2.4-2/debian/patches/CVE-2023-40303.patch 2:2.4-2ubuntu2/debian/patches/CVE-2023-40303.patch
--- 2:2.4-2/debian/patches/CVE-2023-40303.patch	1970-01-01 00:00:00.000000000 +0000
+++ 2:2.4-2ubuntu2/debian/patches/CVE-2023-40303.patch	2023-09-13 16:52:04.000000000 +0000
@@ -0,0 +1,275 @@
+From e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check set*id() return values
+
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+---
+ ftpd/ftpd.c  | 10 +++++++---
+ src/rcp.c    | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c    | 25 +++++++++++++++++++++----
+ src/rshd.c   | 20 +++++++++++++++++---
+ src/uucpd.c  | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+
+Index: inetutils-2.4/ftpd/ftpd.c
+===================================================================
+--- inetutils-2.4.orig/ftpd/ftpd.c
++++ inetutils-2.4/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
++
+   if (pcred->logged_in)
+     {
+       logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+     return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+     goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+   else	/* !AF_INET6 */
+     ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+     {
+       if (seteuid ((uid_t) cred.uid))
+Index: inetutils-2.4/src/rcp.c
+===================================================================
+--- inetutils-2.4.orig/src/rcp.c
++++ inetutils-2.4/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+   if (from_option)
+     {				/* Follow "protocol", send data. */
+       response ();
+-      setuid (userid);
++
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       source (argc, argv);
+       exit (errs);
+     }
+ 
+   if (to_option)
+     {				/* Receive data. */
+-      setuid (userid);
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       sink (argc, argv);
+       exit (errs);
+     }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *ar
+ 	      if (response () < 0)
+ 		exit (EXIT_FAILURE);
+ 	      free (bp);
+-	      setuid (userid);
++
++	      if (setuid (userid) == -1)
++              {
++                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++              }
+ 	    }
+ 	  source (1, argv + i);
+ 	  close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+ 	  ++errs;
+ 	  continue;
+ 	}
+-      seteuid (userid);
++
++      if (seteuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++      }
++
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+       (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ #endif
+       vect[0] = target;
+       sink (1, vect);
+-      seteuid (effuid);
++
++      if (seteuid (effuid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++      }
++
+       close (rem);
+       rem = -1;
+ #ifdef SHISHI
+@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
+       return (127);
+ 
+     case 0:
+-      setuid (userid);
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+     }
+Index: inetutils-2.4/src/rlogin.c
+===================================================================
+--- inetutils-2.4.orig/src/rlogin.c
++++ inetutils-2.4/src/rlogin.c
+@@ -647,8 +647,15 @@ try_connect:
+   /* Now change to the real user ID.  We have to be set-user-ID root
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+-  seteuid (uid);
+-  setuid (uid);
++  if (seteuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++  }
++
++  if (setuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++  }
+ 
+   doit (&osmask);	/* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+Index: inetutils-2.4/src/rsh.c
+===================================================================
+--- inetutils-2.4.orig/src/rsh.c
++++ inetutils-2.4/src/rsh.c
+@@ -276,8 +276,17 @@ main (int argc, char **argv)
+     {
+       if (asrsh)
+ 	*argv = (char *) "rlogin";
+-      seteuid (getuid ());
+-      setuid (getuid ());
++
++      if (seteuid (getuid ()) == -1)
++      {
++        error (EXIT_FAILURE, errno, "seteuid() failed");
++      }
++
++      if (setuid (getuid ()) == -1)
++      {
++        error (EXIT_FAILURE, errno, "setuid() failed");
++      }
++
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+     }
+@@ -541,8 +550,16 @@ try_connect:
+ 	error (0, errno, "setsockopt DEBUG (ignored)");
+     }
+ 
+-  seteuid (uid);
+-  setuid (uid);
++  if (seteuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, errno, "seteuid() failed");
++  }
++
++  if (setuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, errno, "setuid() failed");
++  }
++
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+   sigaddset (&sigs, SIGINT);
+Index: inetutils-2.4/src/rshd.c
+===================================================================
+--- inetutils-2.4.orig/src/rshd.c
++++ inetutils-2.4/src/rshd.c
+@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp
+     pwd->pw_shell = PATH_BSHELL;
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+-  setegid ((gid_t) pwd->pw_gid);
+-  setgid ((gid_t) pwd->pw_gid);
++  if (setegid ((gid_t) pwd->pw_gid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setegid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
++
++  if (setgid ((gid_t) pwd->pw_gid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setgid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
++
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);	/* BSD groups */
+ #endif
+@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp
+     }
+ #endif /* WITH_PAM */
+ 
+-  setuid ((uid_t) pwd->pw_uid);
++  if (setuid ((uid_t) pwd->pw_uid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setuid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+Index: inetutils-2.4/src/uucpd.c
+===================================================================
+--- inetutils-2.4.orig/src/uucpd.c
++++ inetutils-2.4/src/uucpd.c
+@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t sa
+   snprintf (Username, sizeof (Username), "USER=%s", user);
+   snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
+   dologin (pw, sap, salen);
+-  setgid (pw->pw_gid);
++
++  if (setgid (pw->pw_gid) == -1)
++  {
++    fprintf (stderr, "setgid() failed");
++    return;
++  }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t sa
+       fprintf (stderr, "Login incorrect.");
+       return;
+     }
+-  setuid (pw->pw_uid);
++
++  if (setuid (pw->pw_uid) == -1)
++  {
++    fprintf (stderr, "setuid() failed");
++    return;
++  }
++
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
+ }
diff -pruN 2:2.4-2/debian/patches/series 2:2.4-2ubuntu2/debian/patches/series
--- 2:2.4-2/debian/patches/series	2023-01-17 23:23:52.000000000 +0000
+++ 2:2.4-2ubuntu2/debian/patches/series	2023-09-13 16:52:04.000000000 +0000
@@ -5,3 +5,4 @@
 0002-build-Use-runstatedir-for-run-directory.patch
 0003-inetd-Change-protocol-semantics-in-inetd.conf.patch
 0004-Use-krb5_auth_con_getsendsubkey-instead-of-krb5_auth.patch
+CVE-2023-40303.patch
diff -pruN 2:2.4-2/debian/tests/control 2:2.4-2ubuntu2/debian/tests/control
--- 2:2.4-2/debian/tests/control	2022-09-03 17:24:46.000000000 +0000
+++ 2:2.4-2ubuntu2/debian/tests/control	2023-03-23 09:32:35.000000000 +0000
@@ -28,7 +28,6 @@ Depends:
  net-tools,
  inetutils-ftp,
  inetutils-ftpd,
- inetutils-ping,
  inetutils-traceroute,
 Restrictions:
  allow-stderr
diff -pruN 2:2.4-2/debian/tests/test-root-commands 2:2.4-2ubuntu2/debian/tests/test-root-commands
--- 2:2.4-2/debian/tests/test-root-commands	2022-09-03 17:24:46.000000000 +0000
+++ 2:2.4-2ubuntu2/debian/tests/test-root-commands	2023-03-23 09:32:35.000000000 +0000
@@ -7,10 +7,10 @@ autoreconf -f -i
   --disable-libls \
   --disable-servers \
   --disable-clients \
+  --disable-ping \
+  --disable-ping6 \
   --enable-ftp \
   --enable-ftpd \
-  --enable-ping \
-  --enable-ping6 \
   --enable-traceroute \
   # EOL
 
@@ -20,8 +20,6 @@ export VERBOSE=1
 
 export FTP=$(command -v inetutils-ftp)
 export FTPD=$(command -v ftpd)
-export PING6=$(command -v ping6)
-export PING=$(command -v ping)
 export TRACEROUTE=$(command -v inetutils-traceroute)
 
 make -C lib 2>&1