Bug#1016139:

The owner of ticket (Ticket#356382) has changed and is now "Steffen Rose". To provide additional information, please reply to this email or click on the following link:[1] http://vm-srv03.abx.local/#ticket/zoom/6384 [2] Zammad, your customer support system [1] http://vm-srv03.abx.local/#ticket/

Bug#1016139: For Review: Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

On Wed, Aug 10, 2022 at 05:05:12PM +1000, Craig Small wrote: > > Do you have capacity to prepare updates for bullseye? > > > Yes, see attached debdiff for review. It's just those two patches. Looks good, thanks! Please upload to security-master. Cheers, Moritz

Bug#1016139: For Review: Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

On Sun, 7 Aug 2022 at 23:29, Salvatore Bonaccorso wrote: > Did you got confirmation from upstream back if those are the only two > needed ones? > I got no message at all. However, these are the only two that mention the people that found the bug and fixed it (two sets of people). > Do you have

Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

Hi Craig, On Fri, Jul 29, 2022 at 04:36:56PM +0200, Moritz Mühlenhoff wrote: > Am Thu, Jul 28, 2022 at 09:25:44PM +1000 schrieb Craig Small: > > I said: > > > > > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > > > changelog. > > > I'm trying to find where they've made the c

Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

Am Thu, Jul 28, 2022 at 09:25:44PM +1000 schrieb Craig Small: > I said: > > > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > > changelog. > > I'm trying to find where they've made the changes to see if it is possible > > to get at least bullseye fixed. > > > I've had a look

Bug#1016139: (net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805)

I said: > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > changelog. > I'm trying to find where they've made the changes to see if it is possible > to get at least bullseye fixed. > I've had a look and believe these two commits are the fixes: snmpd: fix bounds checking in NE

Bug#1016139: net-snmp: CVE-2022-24810 CVE-2022-24809 CVE-2022-24808 CVE-2022-24807 CVE-2022-24806 CVE-2022-24805

Source: net-snmp X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for net-snmp. 5.9.3 fixes the following issues: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow