[ubuntu/lunar-proposed] net-snmp 5.9.3+dfsg-1ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jan 9 15:00:16 UTC 2023 

net-snmp (5.9.3+dfsg-1ubuntu4) lunar; urgency=medium

  * SECURITY UPDATE: DoS via null pointer exception issues
    - debian/patches/CVE-2022-4479x-1.patch: disallow SET with NULL varbind
      in agent/snmp_agent.c.
    - debian/patches/CVE-2022-4479x-2.patch: allow SET with NULL varbind
      for testing in apps/snmpset.c.
    - debian/patches/CVE-2022-4479x-3.patch: add test for NULL varbind set
      in testing/fulltests/default/T0142snmpv2csetnull_simple.
    - CVE-2022-44792
    - CVE-2022-44793

Date: Mon, 09 Jan 2023 09:41:56 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/net-snmp/5.9.3+dfsg-1ubuntu4
-------------- next part --------------
Format: 1.8
Date: Mon, 09 Jan 2023 09:41:56 -0500
Source: net-snmp
Built-For-Profiles: noudeb
Architecture: source
Version: 5.9.3+dfsg-1ubuntu4
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 net-snmp (5.9.3+dfsg-1ubuntu4) lunar; urgency=medium
 .
   * SECURITY UPDATE: DoS via null pointer exception issues
     - debian/patches/CVE-2022-4479x-1.patch: disallow SET with NULL varbind
       in agent/snmp_agent.c.
     - debian/patches/CVE-2022-4479x-2.patch: allow SET with NULL varbind
       for testing in apps/snmpset.c.
     - debian/patches/CVE-2022-4479x-3.patch: add test for NULL varbind set
       in testing/fulltests/default/T0142snmpv2csetnull_simple.
     - CVE-2022-44792
     - CVE-2022-44793
Checksums-Sha1:
 99ca96e3cc44959d040008193b5e56efb8256c55 2857 net-snmp_5.9.3+dfsg-1ubuntu4.dsc
 c0cddb6da6dbd0948aca0851622bb32a53d35f3b 78960 net-snmp_5.9.3+dfsg-1ubuntu4.debian.tar.xz
 979815712553774db23c9e52b83d13f1be878f51 7160 net-snmp_5.9.3+dfsg-1ubuntu4_source.buildinfo
Checksums-Sha256:
 8235a0d912a4a11c7c8ea2f3cd888b07e3798d0c586043d1873134ef27993f33 2857 net-snmp_5.9.3+dfsg-1ubuntu4.dsc
 45313eddb38e9485984bc380a62ac67b87d0691e5682506da4bc99ce75ee216c 78960 net-snmp_5.9.3+dfsg-1ubuntu4.debian.tar.xz
 cb080ba543ef9581dae0b236778f5382ed2e10e32d28ce63e828418a303918dd 7160 net-snmp_5.9.3+dfsg-1ubuntu4_source.buildinfo
Files:
 1e02c49c45ad4ed8bc29a4c61420979d 2857 net optional net-snmp_5.9.3+dfsg-1ubuntu4.dsc
 59813abb95ff152ab44778d9ffe88cef 78960 net optional net-snmp_5.9.3+dfsg-1ubuntu4.debian.tar.xz
 c0487222805c83b9e2eab849baf5241d 7160 net optional net-snmp_5.9.3+dfsg-1ubuntu4_source.buildinfo
Original-Maintainer: Debian SNMP Team <team+snmp at tracker.debian.org>

More information about the lunar-changes mailing list