Am Thu, Jul 28, 2022 at 09:25:44PM +1000 schrieb Craig Small:
> I said:
>
> > I had uploaded net-snmp 5.9.3 anyway but I'll add those CVEs to the
> > changelog.
> > I'm trying to find where they've made the changes to see if it is possible
> > to get at least bullseye fixed.
> >
> I've had a look and believe these two commits are the fixes:
>
> snmpd: fix bounds checking in NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB,
> SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
> https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
>
> snmpd: recover SET status from delegated request
> https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341
>
> Both sets of commits look pretty clear and simple to implement. I've asked
> upstream to confirm these are the only two patches.
Ack, thanks!
Cheers,
Moritz
