[Pkg-net-snmp-commits] [pkg-net-snmp] 03/05: fix Bug#684388

Hideki Yamane henrich at moszumanska.debian.org
Mon Sep 15 15:19:28 UTC 2014 

This is an automated email from the git hooks/post-receive script.

henrich pushed a commit to branch squeeze
in repository pkg-net-snmp.

commit 0323859eb92c9936c65d28f85a5986cd3353b754
Author: Hideki Yamane <henrich at debian.org>
Date:   Sun May 4 13:15:44 2014 +0900

    fix Bug#684388
---
 debian/changelog                      |  3 +++
 debian/patches/67_CVE-2014-2310.patch | 22 ++++++++++++++++++++++
 debian/patches/series                 |  1 +
 3 files changed, 26 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f962835..d1731b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ net-snmp (5.4.3~dfsg-2+squeeze2) oldstable-proposed-updates; urgency=high
   * Team upload.
   * debian/patches
     - add TrapReceiver.patch to fix CVE-2014-2285
+    - add 67_CVE-2014-2310.patch, fix agentx subagent issues with
+      multiple-object requests and increasing  object length (CVE-2014-2310)
+      also applied to squeeze (Closes: #684388)
 
  -- Hideki Yamane <henrich at debian.org>  Sun, 04 May 2014 12:49:22 +0900
 
diff --git a/debian/patches/67_CVE-2014-2310.patch b/debian/patches/67_CVE-2014-2310.patch
new file mode 100644
index 0000000..dfd72ce
--- /dev/null
+++ b/debian/patches/67_CVE-2014-2310.patch
@@ -0,0 +1,22 @@
+Description: Patch 3141462: from fenner: fix agentx subagent issues with multiple-object requests
+Bug: http://sourceforge.net/p/net-snmp/patches/1113/ 
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388
+Origin: upstream, http://sourceforge.net/p/net-snmp/code/ci/8d160ac04e7087c10fbda1d1d76d5f2854d58057 
+Index: net-snmp-5.4.3~dfsg/agent/mibgroup/agentx/protocol.c
+===================================================================
+--- net-snmp-5.4.3~dfsg.orig/agent/mibgroup/agentx/protocol.c	2014-03-17 20:51:06.668331699 +0100
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/agentx/protocol.c	2014-03-17 20:51:06.660331611 +0100
+@@ -1765,11 +1765,11 @@
+                                       (u_char *) end_oid_buf,
+                                       end_oid_buf_len);
+             }
++            oid_buf_len = MAX_OID_LEN;
++            end_oid_buf_len = MAX_OID_LEN;
+         }
+ 
+         DEBUGINDENTLESS();
+-        oid_buf_len = MAX_OID_LEN;
+-        end_oid_buf_len = MAX_OID_LEN;
+         break;
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 6ab8d00..c29520a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,4 @@
 62_add_lib_cflags.patch
 CVE-2012-2141.patch
 TrapReceiver.patch
+67_CVE-2014-2310.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-net-snmp/pkg-net-snmp.git

More information about the Pkg-net-snmp-commits mailing list