Bug#963713: [Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892

2020-07-07 Thread Craig Small
On Wed, 8 Jul 2020 at 01:48, Sylvain Beucler wrote: > On 07/07/2020 17:07, Sylvain Beucler wrote: > > In any case, all of this happens between 5.7.3 and 5.8.pre1. > > Restricting further (good..bad): > > $ git shortlog > >

Bug#963713: net-snmp: CVE-2019-20892

2020-07-07 Thread Sylvain Beucler
Hi, On 07/07/2020 17:07, Sylvain Beucler wrote: > On 06/07/2020 19:11, Sylvain Beucler wrote: >> Do we have definite info on what versions are affected? >> >> I cannot reproduce the issue in jessie/stretch/buster (5.7.x). >> >> Incidentally Salvatore's test now yields an error in bullseye >>

Bug#963713: net-snmp: CVE-2019-20892

2020-07-07 Thread Sylvain Beucler
Hi, On 06/07/2020 19:11, Sylvain Beucler wrote: > Do we have definite info on what versions are affected? > > I cannot reproduce the issue in jessie/stretch/buster (5.7.x). > > Incidentally Salvatore's test now yields an error in bullseye > (5.8dfsg-3), though I suspect the issue is at the

Bug#963713: [Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892

2020-07-06 Thread Sylvain Beucler
Hi, Do we have definite info on what versions are affected? I cannot reproduce the issue in jessie/stretch/buster (5.7.x). Incidentally Salvatore's test now yields an error in bullseye (5.8dfsg-3), though I suspect the issue is at the client's level: # snmpbulkget -v3 -Cn1 -Cr1472 -l authPriv

Bug#963713: [Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892

2020-07-06 Thread Sergio Durigan Junior
On Monday, June 29 2020, Craig Small wrote: > Hi All > There's a few goes of the required patches but I think I've got them all. > There was the v3doublefree2.patch, a format patch and then the first git > reference in the tracker where they have re-arranged the free function so > it tracks the

Bug#963713: [Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892

2020-06-29 Thread Craig Small
Hi All There's a few goes of the required patches but I think I've got them all. There was the v3doublefree2.patch, a format patch and then the first git reference in the tracker where they have re-arranged the free function so it tracks the reference count. The result does compile and build

Bug#963713: [Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892

2020-06-28 Thread Sergio Durigan Junior
On Sunday, June 28 2020, Craig Small wrote: > On Fri, 26 Jun 2020 at 07:33, Andreas Hasenack > wrote: > >> we are not happy yet with those commits because they change a struct >> without bumping the soname. We are investigating how impactful that is. >> > > Hi, > Did you see how bad these

Bug#963713: [Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892

2020-06-28 Thread Craig Small
On Fri, 26 Jun 2020 at 07:33, Andreas Hasenack wrote: > we are not happy yet with those commits because they change a struct > without bumping the soname. We are investigating how impactful that is. > Hi, Did you see how bad these patches are with the API change? Generally if the API is

Bug#963713: net-snmp: CVE-2019-20892

2020-06-28 Thread Salvatore Bonaccorso
Hi Andreas, On Fri, Jun 26, 2020 at 06:31:44PM -0300, Andreas Hasenack wrote: > I believe it was introduced in 5.8. The previous version we had was 5.7.3 > and we didn't reproduce it there. I can confirm that it is not reproducible with the buster version with the available reproducer, but I was

Bug#963713: net-snmp: CVE-2019-20892

2020-06-26 Thread Andreas Hasenack
I believe it was introduced in 5.8. The previous version we had was 5.7.3 and we didn't reproduce it there. On Fri, Jun 26, 2020 at 6:18 PM Salvatore Bonaccorso wrote: > Hi Andreas, > > On Thu, Jun 25, 2020 at 06:31:13PM -0300, Andreas Hasenack wrote: > > Hi, > > > > we are not happy yet with

Bug#963713: net-snmp: CVE-2019-20892

2020-06-26 Thread Salvatore Bonaccorso
Hi Andreas, On Thu, Jun 25, 2020 at 06:31:13PM -0300, Andreas Hasenack wrote: > Hi, > > we are not happy yet with those commits because they change a struct > without bumping the soname. We are investigating how impactful that is. Ack thanks for this heads-up. Do you have any indication where

Bug#963713: net-snmp: CVE-2019-20892

2020-06-25 Thread Andreas Hasenack
Hi, we are not happy yet with those commits because they change a struct without bumping the soname. We are investigating how impactful that is. On Thu, Jun 25, 2020 at 6:27 PM Salvatore Bonaccorso wrote: > Hi, > > On Thu, Jun 25, 2020 at 10:29:20PM +0200, Salvatore Bonaccorso wrote: > >

Bug#963713: net-snmp: CVE-2019-20892

2020-06-25 Thread Salvatore Bonaccorso
Hi, On Thu, Jun 25, 2020 at 10:29:20PM +0200, Salvatore Bonaccorso wrote: > Source: net-snmp > Version: 5.8+dfsg-2 > Severity: grave > Tags: security upstream > Justification: user security hole > > Hi, > > The following vulnerability was published for net-snmp. > > CVE-2019-20892[0]: > |

Bug#963713: net-snmp: CVE-2019-20892

2020-06-25 Thread Salvatore Bonaccorso
Source: net-snmp Version: 5.8+dfsg-2 Severity: grave Tags: security upstream Justification: user security hole Hi, The following vulnerability was published for net-snmp. CVE-2019-20892[0]: | net-snmp before 5.8.1.pre1 has a double free in | usm_free_usmStateReference in snmplib/snmpusm.c via