Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:lwip
User: [email protected]
Usertags: pu

Hi,

I fixed CVE-2026-8836 in unstable and testing,
and would like to upload the fix to trixie.

The debdiff is attached.

Please tell me, should I backport this also to bookworm?
diff -Nru lwip-2.2.1+dfsg1/debian/changelog lwip-2.2.1+dfsg1/debian/changelog
--- lwip-2.2.1+dfsg1/debian/changelog	2025-03-01 19:47:48.000000000 +0100
+++ lwip-2.2.1+dfsg1/debian/changelog	2026-05-29 15:18:47.000000000 +0200
@@ -1,3 +1,9 @@
+lwip (2.2.1+dfsg1-1+deb13u1) trixie; urgency=medium
+
+  * Fix CVE-2026-8836
+
+ -- Joan Lledó <[email protected]>  Fri, 29 May 2026 15:18:47 +0200
+
 lwip (2.2.1+dfsg1-1) unstable; urgency=medium
 
   * New upstream release
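Review bot: The single bullet in the new changelog entry, "Fix CVE-2026-8836", does not say what changed. For a stable update it helps the release team if the entry names the added patch and the affected code, for example that debian/patches/CVE_2026_8836 restores the length check on the SNMPv3 authentication parameters in snmp_parse_inbound_frame().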
diff -Nru lwip-2.2.1+dfsg1/debian/patches/CVE_2026_8836 lwip-2.2.1+dfsg1/debian/patches/CVE_2026_8836
--- lwip-2.2.1+dfsg1/debian/patches/CVE_2026_8836	1970-01-01 01:00:00.000000000 +0100
+++ lwip-2.2.1+dfsg1/debian/patches/CVE_2026_8836	2026-05-29 15:18:47.000000000 +0200
@@ -0,0 +1,28 @@
+Description: Fix CVE-2026-8836
+Forwarded: https://savannah.nongnu.org/bugs/?68194
+Author: 0rbitingZer0 <[email protected]>
+Last-Update: 2026-05-26
+
+---
+ src/apps/snmp/snmp_msg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/apps/snmp/snmp_msg.c b/src/apps/snmp/snmp_msg.c
+index f8c75bb7..156b36e3 100644
+--- a/src/apps/snmp/snmp_msg.c
++++ b/src/apps/snmp/snmp_msg.c
+@@ -946,9 +946,9 @@ snmp_parse_inbound_frame(struct snmp_request *request)
+     inbound_msgAuthenticationParameters_offset = pbuf_stream.offset;
+     LWIP_UNUSED_ARG(inbound_msgAuthenticationParameters_offset);
+     /* Read auth parameters */
+-    /* IF_PARSE_ASSERT(tlv.value_len <= SNMP_V3_MAX_AUTH_PARAM_LENGTH); */
++    IF_PARSE_ASSERT(tlv.value_len <= SNMP_V3_MAX_AUTH_PARAM_LENGTH);
+     IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->msg_authentication_parameters,
+-                                    &u16_value, tlv.value_len));
++                                    &u16_value, SNMP_V3_MAX_AUTH_PARAM_LENGTH));
+     request->msg_authentication_parameters_len = (u8_t)u16_value;
+ 
+     /* msgPrivacyParameters */
+-- 
+cgit v1.2.3
+
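Review bot: In the snmp_msg.c change, the last argument to snmp_asn1_dec_raw() becomes SNMP_V3_MAX_AUTH_PARAM_LENGTH, which is only a correct bound if request->msg_authentication_parameters holds at least that many bytes. The declaration is not visible in this hunk, so please confirm it before upload. The restored IF_PARSE_ASSERT also keeps the (u8_t)u16_value cast lossless only if that constant is at most 255. The context ends at the msgPrivacyParameters comment, so it is worth checking that the parsing which follows does not use the same pattern of a commented-out assert with tlv.value_len passed as the buffer size. On the DEP-3 header, a Description that states what is fixed and an Origin field for the upstream commit would help, since the trailing "cgit v1.2.3" indicates the patch was copied from a git web view.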
diff -Nru lwip-2.2.1+dfsg1/debian/patches/series lwip-2.2.1+dfsg1/debian/patches/series
--- lwip-2.2.1+dfsg1/debian/patches/series	2025-02-08 12:32:42.000000000 +0100
+++ lwip-2.2.1+dfsg1/debian/patches/series	2026-05-29 15:18:47.000000000 +0200
@@ -2,3 +2,4 @@
 empty_block_last
 max_sockets
 doxygen
+CVE_2026_8836
