Source: net-snmp Version: 5.7.3+dfsg-5+deb10u1 Severity: important X-Debbugs-Cc: car...@debian.org,t...@security.debian.org Control: affects -1 + release.debian.org,security.debian.org
Hi Craig, The fix for CVE-2020-15862 appears to have introduced an issue that nsExtendCacheTime cannot be modified anymore. I have not seen reports in Debian so far that, and given it might be rather an edge case, can you fix the issue via the upcoming point release? The Ubuntu report is at https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1892980 (which lead to "USN-4471-2: Net-SNMP regression" to be issued (https://ubuntu.com/security/notices/USN-4471-2). Detailed reproduction steps are described in https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1892980/comments/6 . https://github.com/net-snmp/net-snmp/commit/d8b12900629ed73a78b27535f08c4f0a721a93be appears to be the relevant fix needed, comparing with the Ubuntu update. Regards, Salvatore