Am Thu, Jul 28, 2022 at 09:25:44PM +1000 schrieb Craig Small: > I said: > > > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the > > changelog. > > I'm trying to find where they've made the changes to see if it is possible > > to get at least bullseye fixed. > > > I've had a look and believe these two commits are the fixes: > > snmpd: fix bounds checking in NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB, > SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB > https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 > > snmpd: recover SET status from delegated request > https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 > > Both sets of commits look pretty clear and simple to implement. I've asked > upstream to confirm these are the only two patches.
Ack, thanks! Cheers, Moritz