Summary: | <net-analyzer/net-snmp-5.8-r1: snmp_pdu_parse() incompletely parsed varBinds left in list of variables | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | netmon | ||||
Priority: | Normal | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1212408 | ||||||
Whiteboard: | B3 [noglsa cve] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Agostino Sarubbo
2015-04-16 12:26:20 UTC
Mh, looks like the patch was lost: $ git tag --contains f23bcd3ac6ddee5d0a48f9703007ccc738914791 | sort v5.4.5.pre1 I ping'ed upstream: https://sourceforge.net/p/net-snmp/bugs/2759/ Created attachment 495486 [details, diff] Patch extracted from branch 5-7-patches From https://sourceforge.net/p/net-snmp/bugs/2759/ Patch is available at branch 5-7-patches @Maintainers could you test it and see if it fixes the error till next official release from upstream? Gentoo Security Padawan ChrisADR @security, are we good here? Keywords for net-analyzer/net-snmp: | a | | | m | | | d x | | | 6 8 | | | 4 6 | u | | a a a p r s | | | n | | l m r i p i h m s p m f f | e u s | r | p d a m a p c s x p 6 3 a i b b | a s l | e | h 6 r 6 6 p 6 c 8 p 8 9 s r p s s | p e o | p | a 4 m 4 4 c 4 v 6 a k 0 h c s d d | i d t | o ------------+-----------------------------------+----------+------- 5.7.3-r5 | + + + + + + + o + + o + ~ + ~ o o | 5 o 0 | gentoo 5.7.3-r6 | ~ ~ ~ ~ ~ ~ ~ o ~ ~ o ~ ~ ~ ~ o o | 5 # | gentoo 5.7.3_p3-r1 | ~ ~ ~ ~ ~ ~ ~ o ~ ~ o ~ ~ ~ ~ o o | 6 o | gentoo ------------+-----------------------------------+----------+------- 5.8-r1 | + + + + + + + o + + o + ~ + ~ o o | 6 o 0/35 | gentoo 99999999 | o o o o o o o o o o o o o o o o o | 6 o | gent code review shows the patches are present in 5.8-r1 |