[Pkg-net-snmp-devel] Bug#483588: libsnmp-perl: Fix for CVE-2008-2292 (#482333) breaks OCTETSTR parsing

Peter Hicks peter.hicks at poggs.co.uk
Thu May 29 16:59:54 UTC 2008

Package: libsnmp-perl
Version: 5.4.1~dfsg-7.1
Severity: important

Bug #482333 addresses CVE-2008-2292, a buffer overflow in __snprint_value. 
However, this also breaks the perl module, which returns garbage for any
OCTETSTRs passed back.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-angel-poggs (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libsnmp-perl depends on:
ii  libc6                     2.7-11         GNU C Library: Shared libraries
ii  libsnmp15                 5.4.1~dfsg-7.1 SNMP (Simple Network Management Pr
ii  perl                      5.10.0-10      Larry Wall's Practical Extraction 
ii  perl-base [perlapi-5.10.0 5.10.0-10      The Pathologically Eclectic Rubbis

libsnmp-perl recommends no packages.

-- no debconf information

More information about the Pkg-net-snmp-devel mailing list