Your message dated Tue, 03 Jun 2008 14:32:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#482333: fixed in net-snmp 5.4.1~dfsg-8
has caused the Debian Bug report #482333,
regarding net-snmp: CVE-2008-2292 buffer overflow in __snprint_value function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
482333: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482333
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: net-snmp
Version: 5.2.0-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.
CVE-2008-2292[0]:
| Buffer overflow in the __snprint_value function in snmp_get in
| Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows
| remote attackers to cause a denial of service (crash) and possibly
| execute arbitrary code via a large OCTETSTRING in an attribute value
| pair (AVP).
Patch for 5.4 branch:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs?r1=16765&r2=16770&view=patch
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
http://security-tracker.debian.net/tracker/CVE-2008-2292
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgppuFi8H0yDp.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: net-snmp
Source-Version: 5.4.1~dfsg-8
We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:
libsnmp-base_5.4.1~dfsg-8_all.deb
to pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-8_all.deb
libsnmp-dev_5.4.1~dfsg-8_sparc.deb
to pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-8_sparc.deb
libsnmp-perl_5.4.1~dfsg-8_sparc.deb
to pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-8_sparc.deb
libsnmp-python_5.4.1~dfsg-8_sparc.deb
to pool/main/n/net-snmp/libsnmp-python_5.4.1~dfsg-8_sparc.deb
libsnmp15_5.4.1~dfsg-8_sparc.deb
to pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-8_sparc.deb
net-snmp_5.4.1~dfsg-8.diff.gz
to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-8.diff.gz
net-snmp_5.4.1~dfsg-8.dsc
to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-8.dsc
snmp_5.4.1~dfsg-8_sparc.deb
to pool/main/n/net-snmp/snmp_5.4.1~dfsg-8_sparc.deb
snmpd_5.4.1~dfsg-8_sparc.deb
to pool/main/n/net-snmp/snmpd_5.4.1~dfsg-8_sparc.deb
tkmib_5.4.1~dfsg-8_all.deb
to pool/main/n/net-snmp/tkmib_5.4.1~dfsg-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jochen Friedrich <[EMAIL PROTECTED]> (supplier of updated net-snmp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 03 Jun 2008 13:06:57 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp-dev libsnmp-perl
libsnmp-python tkmib
Architecture: source all sparc
Version: 5.4.1~dfsg-8
Distribution: unstable
Urgency: low
Maintainer: Net-SNMP Packaging Team <[EMAIL PROTECTED]>
Changed-By: Jochen Friedrich <[EMAIL PROTECTED]>
Description:
libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
libsnmp-dev - SNMP (Simple Network Management Protocol) development files
libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
libsnmp-python - SNMP (Simple Network Management Protocol) Python support
libsnmp15 - SNMP (Simple Network Management Protocol) library
snmp - SNMP (Simple Network Management Protocol) applications
snmpd - SNMP (Simple Network Management Protocol) agents
tkmib - SNMP (Simple Network Management Protocol) MIB browser
Closes: 460587 482333 483588
Changes:
net-snmp (5.4.1~dfsg-8) unstable; urgency=low
.
* NACK NMU as the patch broke perl (Closes: #483588)
* Really fix CVE-2008-2292 using two upstream patches (Closes: #482333)
* Update nl translation (Closes: #460587)
* Update patch for support of long interface names to upstream version
Checksums-Sha1:
cb167ed81b537d5ac814c0acef459e027a15a397 1779 net-snmp_5.4.1~dfsg-8.dsc
c0b858e89f026e89c0769a13fda312ca1f0fc2b3 79077 net-snmp_5.4.1~dfsg-8.diff.gz
be831ada779bc8a0b194ab683ec6910c7a78ab47 1368328
libsnmp-base_5.4.1~dfsg-8_all.deb
5c4c01ac9936080384be89940739cdabe2a0e170 943204 tkmib_5.4.1~dfsg-8_all.deb
dccda172d424c4c0df6359cff548a32b95346f93 956530 snmpd_5.4.1~dfsg-8_sparc.deb
f940a9f46efe4323776b26070bc5644b97e1ba1a 1040470 snmp_5.4.1~dfsg-8_sparc.deb
a119a0364ba629d9ca398b1364b5c244e0c9324c 2011846
libsnmp15_5.4.1~dfsg-8_sparc.deb
cff2a581059bbb27342304d4247bdf5a9d7fd2f6 2623096
libsnmp-dev_5.4.1~dfsg-8_sparc.deb
9fdb08626a5bf2dd4ff4984739342b6a3a15355e 1025258
libsnmp-perl_5.4.1~dfsg-8_sparc.deb
1b44d9074eab050925e16cf79934fe561a644315 917172
libsnmp-python_5.4.1~dfsg-8_sparc.deb
Checksums-Sha256:
822fda6953c9d301837d685f889e9c311c27b243a9d4e2cae08862467292a9dc 1779
net-snmp_5.4.1~dfsg-8.dsc
677cb87eea84fc58800f47b27de54af3dce429cb6cb088599b10304a5999d7e2 79077
net-snmp_5.4.1~dfsg-8.diff.gz
ae7f9dbd16e6b6b871b3f8903ac13998baa1e5aa08c42393d3e319666a487dda 1368328
libsnmp-base_5.4.1~dfsg-8_all.deb
bc709d76be0cc27bbe403a8c5d533ad46ca73fd039bc020f829737c3bdc8a26e 943204
tkmib_5.4.1~dfsg-8_all.deb
f07b1ef85d771ba46c1f49b2ba8508442bbdaefec6c2b4e5b0172006e038d647 956530
snmpd_5.4.1~dfsg-8_sparc.deb
97b328b0812a878fe7ff1aeb4798c101205c6415b118420c6ab68f8a19d77d7f 1040470
snmp_5.4.1~dfsg-8_sparc.deb
1cb29f893047fc8654e4887efea27f5faa55e024af9b64418f38c1224d8f3a89 2011846
libsnmp15_5.4.1~dfsg-8_sparc.deb
71a812aa8ca977ef38b2ff55d45b790cfa87ce8907f82b030f7ed72bcf9e132f 2623096
libsnmp-dev_5.4.1~dfsg-8_sparc.deb
ecf57a42419c240b44cb62103c73e26a6ae102ba3599917cd9aa6d78d05137ca 1025258
libsnmp-perl_5.4.1~dfsg-8_sparc.deb
c967be27b422dc5697c6811c2a3b4188d23faf7022b398010c0aacdfb56bffc4 917172
libsnmp-python_5.4.1~dfsg-8_sparc.deb
Files:
746a324412b65f096d560a111559b72e 1779 net optional net-snmp_5.4.1~dfsg-8.dsc
72ec52bee056501fff5308486a8fa233 79077 net optional
net-snmp_5.4.1~dfsg-8.diff.gz
66be9bab6c62cf3104a515433a8cbbb1 1368328 libs optional
libsnmp-base_5.4.1~dfsg-8_all.deb
0132c93b36099e1be88a1c540604765c 943204 net optional tkmib_5.4.1~dfsg-8_all.deb
cdeafd672db14a04f76481d49744d20d 956530 net optional
snmpd_5.4.1~dfsg-8_sparc.deb
4b3a4774b6cbb62818a1ed73d3615108 1040470 net optional
snmp_5.4.1~dfsg-8_sparc.deb
500628c1c0f53584437552692ddeb171 2011846 libs optional
libsnmp15_5.4.1~dfsg-8_sparc.deb
a783fa0eb4e5e72c376ce0e7d0d2d083 2623096 libdevel optional
libsnmp-dev_5.4.1~dfsg-8_sparc.deb
c66e010b6ed7bfad60487993ded8aabf 1025258 perl optional
libsnmp-perl_5.4.1~dfsg-8_sparc.deb
8a1ad531accedd956c60f77c9799acb8 917172 python optional
libsnmp-python_5.4.1~dfsg-8_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIRVI40fhX0Y/ocz0RAn5lAKCPI54va/91xD3YKdO0wm2qIAFzEACePpnL
CEOufQn8A6egVudMFmJrx8g=
=k02R
-----END PGP SIGNATURE-----
--- End Message ---
