* CVE-2020-15861: "snmpd runs as a low privileged user account. However, in combination with the *snmp-mibs-downloader package* this protection can be bypassed and it is possible for this account to elevate permissions to the root user. This attack happens due to how snmpd handles symlinks." Advisory: https://github.com/net-snmp/net-snmp/issues/145
* CVE-2020-15862 Description: "Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root." Patch: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 (which is in 5.8.1_pre1) Tree seems clean so just need to glsa.
This issue was resolved and addressed in GLSA 202008-12 at https://security.gentoo.org/glsa/202008-12 by GLSA coordinator Sam James (sam_c).