[ubuntu/groovy-proposed] net-snmp 5.8+dfsg-2ubuntu3 (Accepted)

Sergio Durigan Junior sergio.durigan at canonical.com
Thu Jul 2 20:10:13 UTC 2020 

net-snmp (5.8+dfsg-2ubuntu3) groovy; urgency=medium

  * SECURITY UPDATE: Fix segmentation fault that happens when using the
    snmpv3 protocol with snmpbulkget. (LP: #1877027)
    - d/p/move-securityStateRef-into-free_securityStateRef.patch:
      Consolidate the check of the securityStateRef pointer into the
      free_securityStateRef function.
    - d/p/prevent-snmpv3-bulkget-errors-double-free.patch:
      Prevent snmpv3 bulkget errors from becoming resulting in a
      double free.
    - d/p/fix-usmStateReference-free.patch:
      Fix typo on usm_free_usmStateReference from last patch.
    - d/p/unexport-struct-usmStateReference.patch:
      Unexport struct usmStateReference and to prevent ABI breakages,
      since it will be necessary to add a reference count to it.
    - d/p/introduce-refcount-usmStateReference.patch:
      Introduce refcount in the struct usmStateReference, and adjust
      code to properly use the field.
    - CVE-2019-20892

Date: Tue, 23 Jun 2020 14:37:42 -0400
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/+source/net-snmp/5.8+dfsg-2ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Jun 2020 14:37:42 -0400
Source: net-snmp
Architecture: source
Version: 5.8+dfsg-2ubuntu3
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Launchpad-Bugs-Fixed: 1877027
Changes:
 net-snmp (5.8+dfsg-2ubuntu3) groovy; urgency=medium
 .
   * SECURITY UPDATE: Fix segmentation fault that happens when using the
     snmpv3 protocol with snmpbulkget. (LP: #1877027)
     - d/p/move-securityStateRef-into-free_securityStateRef.patch:
       Consolidate the check of the securityStateRef pointer into the
       free_securityStateRef function.
     - d/p/prevent-snmpv3-bulkget-errors-double-free.patch:
       Prevent snmpv3 bulkget errors from becoming resulting in a
       double free.
     - d/p/fix-usmStateReference-free.patch:
       Fix typo on usm_free_usmStateReference from last patch.
     - d/p/unexport-struct-usmStateReference.patch:
       Unexport struct usmStateReference and to prevent ABI breakages,
       since it will be necessary to add a reference count to it.
     - d/p/introduce-refcount-usmStateReference.patch:
       Introduce refcount in the struct usmStateReference, and adjust
       code to properly use the field.
     - CVE-2019-20892
Checksums-Sha1:
 873482f3ceba1ef4bd974a65fe9de93ecb7dd67c 2958 net-snmp_5.8+dfsg-2ubuntu3.dsc
 d17429487743841f97cec8cb2cc1fe29491340b4 78980 net-snmp_5.8+dfsg-2ubuntu3.debian.tar.xz
 d61524b7e201207f84483742ec18ed01d90f386c 6497 net-snmp_5.8+dfsg-2ubuntu3_source.buildinfo
Checksums-Sha256:
 e40cd96b82a5a2103992921b5244b946bb1caa9f9b401d65cbe283b74982f90a 2958 net-snmp_5.8+dfsg-2ubuntu3.dsc
 0237610918dd98e112ad704a55217630683b792acf19e3184f46c5a4e3a8e28d 78980 net-snmp_5.8+dfsg-2ubuntu3.debian.tar.xz
 d3b63815ef7f7da8ced607a4837e5039bd79c4157953f90f534701d57881dea2 6497 net-snmp_5.8+dfsg-2ubuntu3_source.buildinfo
Files:
 0caf09cf031f9e7dc7489b24d2a94004 2958 net optional net-snmp_5.8+dfsg-2ubuntu3.dsc
 873b51ede6480f7ff39324715545721d 78980 net optional net-snmp_5.8+dfsg-2ubuntu3.debian.tar.xz
 0ab79a016aa39dd4e7d249b093049da7 6497 net optional net-snmp_5.8+dfsg-2ubuntu3_source.buildinfo
Original-Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETCDAa12L3miIVNKKUdvcWMxVlXMFAl7+PogACgkQUdvcWMxV
lXNB0w/+MSW1a88v+ux8+FLkYfipYvz9OBCdxkPSzTpYU6UL9Vr1QyESg8MIwDRG
w1e7xSZ+vfIECInIje3775QgxxtLv8Iqhcooz16/fYxzgmT7fR/dzopAgNMhX1NF
Sf6WoiKtDtdQkZ2af3s6BX/YGs4pqNhqq/vqLkq2HKpwqlGw838/XQkIn29BuaYg
u/VxIYsSxpRSipQySAQWQ93xtmaGyIWL7mrLGzHbleeSMjGlUMj5NkwiANW1q00H
IorVwV5Omx5qPYZkbRZd1diOL+p8ViU8ILgHwPFRkbpxy7rTdOC/m6YrX4TKgam7
PSaR2cZpCXTVJSyHdTXOR3nyBqO5WgrGEpdljkSanBOM3nQCYJQkhs/XPRHzURWb
8Yj0fSd5BJBU4eyBGSffGhSHCOMJ2m/0Qn25PXfXZ9S0f/MXkyhyl7tQyomx+8pg
aFDWywdJgd16ONTEidlxjbe3rUYadfPE8uXlSJl9x1P/9wGKQ2ITNS/ZgI7Y5+lo
Wohx58fDzEiKLRSazZXvWDfVIMajU6FRGMPNKgGXFHgCEcN3mzUQf1NZk+aPIfkJ
MiWjjkpjvW1Q42WEHusiAgpnuUdSBuNKSmh3593QTeY/h/TgClBR0XSWRxbWeS0N
lTmS2HYuOBhIgYR+OapkEDVOTRBeiXcHXc0Xs6BnqiTDtC0eIok=
=npbT
-----END PGP SIGNATURE-----

More information about the Groovy-changes mailing list