** Changed in: net-snmp (Gentoo Linux)
Importance: Unknown => Low
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to net-snmp in ubuntu.
https://bugs.launchpad.net/bugs/331410
Title:
CVE-2008-6123: not fixed in latest security releas
https://lists.ubuntu.com/archives/ubuntu-security-
announce/2010-June/001098.html
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to net-snmp in ub
** Changed in: net-snmp (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to net-snmp in
Ah-ha, I see the problem now. This vulnerability was introduced after
all the versions of net-snmp that were in the archive at the time the
CVE was published. At some point Debian packaged the 5.4.x series from
a point that did not include the fix, which is why only Lucid and later
have the probl
Hi! Thanks for the report. It looks like this wasn't triaged correctly
when we first looked at it. We'll get this fixed and published. Thanks
for the patches and for testing it.
** Also affects: net-snmp (Ubuntu Karmic)
Importance: Undecided
Status: New
** Also affects: net-snmp (U
** Patch added: "patch for net-snmp package in lucid (built & tested)"
http://launchpadlibrarian.net/49534440/CVE-2008-6123-ubuntu-lucid.patch
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a me
** Patch added: "patch for net-snmp package in lucid (built & tested)"
http://launchpadlibrarian.net/49534438/CVE-2008-6123-ubuntu-lucid.patch
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a me
i sent the following email nearly 48 hours ago to secur...@ubuntu.com
and have received no response or even an acknowledgment, so i'm
following up as a comment to this bug. (i also sent the bug to debian's
pkg-net-snmp-de...@lists.alioth.debian.org, but it never made it through
to the archives, so
I changed the status to confirmed. I have this bug on my machine.
Apport bug report:
ProblemType: Bug
Architecture: amd64
Date: Tue Jun 1 11:32:16 2010
Dependencies:
adduser 3.112ubuntu1
base-files 5.0.0ubuntu20
base-passwd 3.5.22
coreutils 7.4-2ubuntu2
debconf 1.5.28ubuntu4
debconf-i18n 1
** Changed in: net-snmp (Gentoo Linux)
Status: In Progress => Fix Released
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to net-snmp in ub
** Changed in: net-snmp (Gentoo Linux)
Status: Confirmed => In Progress
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to net-snmp in ubunt
The CVE-2008-6123 security issue was introduced in the following commit:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=16654
So, the issue was introduced in 5.2.5, 5.3.2 and 5.4.2.
None of our releases are impacted by this.
dapper: 5.2.1.2-4ubuntu2.3
gutsy: 5.3.1-6ubuntu2
Thanks for the debdiffs. The dapper debdiff is incorrect and needs
several other commits so *data will actually contain what is needed.
Further, I tried to reproduce based on the Gentoo bug, but was unable to
so far. Stephan, do you have a working reproducer?
** Changed in: net-snmp (Ubuntu Dapper
** Attachment added: "gutsy debdiff"
http://launchpadlibrarian.net/22904269/gutsy_net-snmp_5.3.1-6ubuntu2.3.debdiff
** Changed in: net-snmp (Ubuntu Gutsy)
Assignee: (unassigned) => Stephan Hermann (shermann)
Status: Confirmed => In Progress
--
CVE-2008-6123: not fixed in latest
** Attachment added: "dapper debdiff"
http://launchpadlibrarian.net/22903935/dapper_net-snmp_5.2.1.2-4ubuntu2.4.debdiff
** Changed in: net-snmp (Ubuntu Dapper)
Assignee: (unassigned) => Stephan Hermann (shermann)
Status: Confirmed => In Progress
--
CVE-2008-6123: not fixed in la
** Changed in: net-snmp (Ubuntu Dapper)
Status: New => Confirmed
** Changed in: net-snmp (Ubuntu Gutsy)
Status: New => Confirmed
** Changed in: net-snmp (Ubuntu Hardy)
Status: New => In Progress
** Changed in: net-snmp (Ubuntu Intrepid)
Status: New => In Progress
**
** Attachment added: "jaunty debdiff (can be uploaded to main)"
http://launchpadlibrarian.net/22865434/jaunty_net-snmp_5.4.1%7Edfsg-12ubuntu2.debdiff
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you
** Changed in: net-snmp (Ubuntu)
Assignee: (unassigned) => Stephan Hermann (shermann)
Status: New => In Progress
** Attachment added: "hardy debdiff"
http://launchpadlibrarian.net/22865260/hardy_net-snmp_5.4.1%7Edfsg-4ubuntu4.3.debdiff
--
CVE-2008-6123: not fixed in latest secur
** Attachment added: "intrepid debdiff"
http://launchpadlibrarian.net/22865262/intrepid_net-snmp_5.4.1%7Edfsg-7.1ubuntu6.2.debdiff
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a member of Ubu
** Visibility changed to: Public
--
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to net-snmp in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu
20 matches
Mail list logo