Hi Wes Thanks for clarifying. On Tue, 4 Nov 2008 01:49:06 am Wes Hardaker wrote: > >>>>> On Sat, 1 Nov 2008 20:47:38 +1100, Steffen Joeris > >>>>> <[EMAIL PROTECTED]> said: > > SJ> In Debian stable, we are shipping version 5.2.3 and I was wondering, > SJ> if it is vulnerable as well. > > Yes, it is vulnerable. Note that we released a 5.2.5.1 as well to > update that line of code. Any chance you can update to 5.2.5.1 as a fix > (is there a reason you're sticking with 5.2.3?). > > (the code is different but the issue is still there) This version of net-snmp was released with etch (our stable version) and unfortunately it is not possible to increase the upstream version there. However, we are releasing soon (lenny) and then we'll have a newer net-snmp version. Is there any chance you can provide a backported fix? It would be much appreciated and I won't have time to look into it until Thursday :(
Cheers Steffen
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
