[Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892
Andreas Hasenack
andreas at canonical.com
Fri Jun 26 22:31:44 BST 2020
I believe it was introduced in 5.8. The previous version we had was 5.7.3
and we didn't reproduce it there.
On Fri, Jun 26, 2020 at 6:18 PM Salvatore Bonaccorso <carnil at debian.org>
wrote:
> Hi Andreas,
>
> On Thu, Jun 25, 2020 at 06:31:13PM -0300, Andreas Hasenack wrote:
> > Hi,
> >
> > we are not happy yet with those commits because they change a struct
> > without bumping the soname. We are investigating how impactful that is.
>
> Ack thanks for this heads-up.
>
> Do you have any indication where the issue was actually introduced?
> The oss-security post is slight confising in this regard. I can
> reproduce the issue with the given version 5.8+dfsg-2. But not in
> buster.
>
> Regards,
> Salvatore
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-net-snmp-devel/attachments/20200626/3ed16593/attachment.html>
More information about the Pkg-net-snmp-devel
mailing list