Bug#1016139: For Review: Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

2022-08-10 Thread Moritz Muehlenhoff
On Wed, Aug 10, 2022 at 05:05:12PM +1000, Craig Small wrote: > > Do you have capacity to prepare updates for bullseye? > > > Yes, see attached debdiff for review. It's just those two patches. Looks good, thanks! Please upload to security-master. Cheers, Moritz

Bug#1016139: For Review: Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

2022-08-10 Thread Craig Small
On Sun, 7 Aug 2022 at 23:29, Salvatore Bonaccorso wrote: > Did you get confirmation from upstream back if those are the only two > needed ones? > I got no message at all. However, these are the only two that mention the people that found the bug and fixed it (two sets of people). > Do you have

Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

2022-08-07 Thread Salvatore Bonaccorso
Hi Craig, On Fri, Jul 29, 2022 at 04:36:56PM +0200, Moritz Mühlenhoff wrote: > On Thu, Jul 28, 2022 at 09:25:44PM +1000, Craig Small wrote: > > I said: > > > > > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > > > changelog. > > > I'm trying to find where they've made the

Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

2022-07-29 Thread Moritz Mühlenhoff
On Thu, Jul 28, 2022 at 09:25:44PM +1000, Craig Small wrote: > I said: > > > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > > changelog. > > I'm trying to find where they've made the changes to see if it is possible > > to get at least bullseye fixed. > > > I've had a look

Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

2022-07-28 Thread Craig Small
I said: > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > changelog. > I'm trying to find where they've made the changes to see if it is possible > to get at least bullseye fixed. > I've had a look and believe these two commits are the fixes: snmpd: fix bounds checking in

Bug#1016139: net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805

2022-07-27 Thread Moritz Mühlenhoff
Source: net-snmp X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for net-snmp. 5.9.3 fixes the following issues: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow