-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 31 Oct 2008 09:28:22 +0000 Source: net-snmp Binary: libsnmp9 tkmib snmp libsnmp-perl libsnmp-base libsnmp9-dev snmpd Architecture: source all i386 Version: 5.2.3-7etch3 Distribution: stable-security Urgency: high Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org> Changed-By: Steffen Joeris <white@debian.org> Description: libsnmp-base - NET SNMP (Simple Network Management Protocol) MIBs and Docs libsnmp-perl - NET SNMP (Simple Network Management Protocol) Perl5 Support libsnmp9 - NET SNMP (Simple Network Management Protocol) Library libsnmp9-dev - NET SNMP (Simple Network Management Protocol) Development Files snmp - NET SNMP (Simple Network Management Protocol) Apps snmpd - NET SNMP (Simple Network Management Protocol) Agents tkmib - NET SNMP (Simple Network Management Protocol) MIB Browser Closes: 482333 485945 Changes: net-snmp (5.2.3-7etch3) stable-security; urgency=high . * Non-maintainer upload by the security team * Fix buffer overflow in the perl module (__snprint_value function) that can be exploited via large OCTETSTRING in an attribute value pair (AVP) leading to arbitrary code execution (Closes: #482333) Fixes: CVE-2008-2292 * Fix flaw that allowed spoofing of authenticated SNMPv3 packets via missing check in scapi.c (Closes: #485945) Fixes: CVE-2008-0960 Files: de06cbd22efada7bb73227c9ffbd153e 1046 net optional net-snmp_5.2.3-7etch3.dsc f571ec502e3648fb7a0c5466b484248f 93466 net optional net-snmp_5.2.3-7etch3.diff.gz 10af9271536be8984e394bfb3def6405 1214296 libs optional libsnmp-base_5.2.3-7etch3_all.deb 3f4ddf85969465c9e6a0e155b2bb09d7 855528 net optional tkmib_5.2.3-7etch3_all.deb b65c11e3cbfa29076230f3234014929a 833906 net optional snmpd_5.2.3-7etch3_i386.deb af003d92d1355f0f4fcfaaca13d2a810 925850 net optional snmp_5.2.3-7etch3_i386.deb d2355680c9afa4c9a05e11fd6e5fdf3c 1838882 libs optional libsnmp9_5.2.3-7etch3_i386.deb 5527def3211f72676dff86cefdedfb52 1423316 libdevel optional libsnmp9-dev_5.2.3-7etch3_i386.deb cf9dc1c7a6bab362f4c0a7df469211c1 920016 perl optional libsnmp-perl_5.2.3-7etch3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkK2R4ACgkQ62zWxYk/rQcC9wCeKeeh2Tg0r1RQAhp3mol9GV0A x3UAoLLwU2vHsmwZTITyGuAtDYmhBTQ7 =XrAi -----END PGP SIGNATURE----- Accepted: libsnmp-base_5.2.3-7etch3_all.deb to pool/main/n/net-snmp/libsnmp-base_5.2.3-7etch3_all.deb libsnmp-perl_5.2.3-7etch3_i386.deb to pool/main/n/net-snmp/libsnmp-perl_5.2.3-7etch3_i386.deb libsnmp9-dev_5.2.3-7etch3_i386.deb to pool/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch3_i386.deb libsnmp9_5.2.3-7etch3_i386.deb to pool/main/n/net-snmp/libsnmp9_5.2.3-7etch3_i386.deb net-snmp_5.2.3-7etch3.diff.gz to pool/main/n/net-snmp/net-snmp_5.2.3-7etch3.diff.gz net-snmp_5.2.3-7etch3.dsc to pool/main/n/net-snmp/net-snmp_5.2.3-7etch3.dsc snmp_5.2.3-7etch3_i386.deb to pool/main/n/net-snmp/snmp_5.2.3-7etch3_i386.deb snmpd_5.2.3-7etch3_i386.deb to pool/main/n/net-snmp/snmpd_5.2.3-7etch3_i386.deb tkmib_5.2.3-7etch3_all.deb to pool/main/n/net-snmp/tkmib_5.2.3-7etch3_all.deb