[Pkg-net-snmp-devel] Bug#963713: Bug#963713: net-snmp: CVE-2019-20892
Craig Small
csmall at debian.org
Tue Jul 7 22:50:09 BST 2020
On Wed, 8 Jul 2020 at 01:48, Sylvain Beucler <beuc at beuc.net> wrote:
> On 07/07/2020 17:07, Sylvain Beucler wrote:
> > In any case, all of this happens between 5.7.3 and 5.8.pre1.
>
> Restricting further (good..bad):
>
> $ git shortlog
>
> 1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c..e207b8113260fd7d84df0ebdb66925ab70da29b2
> Robert Story (2):
> Add VMware copyright
> tweak sndMsgMaxSize handling
>
> VMwareDev Randy (4):
> getbulk enhancements: limit responses gathered
> reduce session msg max sizes to transport max
> getbulk enhancements: response size + fallback to forward encoding
> move v3 engineID probe into initial packet build
>
Thanks for doing this bisect. So the issue happened after 5.7.3 (this
change happened in 2015, 5.7.3 was released in 2014) which means we only
need to worry about unstable and testing.
- Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-net-snmp-devel/attachments/20200708/04387ade/attachment.html>
More information about the Pkg-net-snmp-devel
mailing list