registry team mailing list archive

Thread
Date

[Bug 331410] Re: CVE-2008-6123: not fixed in latest security releases

To: registry@xxxxxxxxxxxxxxxxxxx
From: Kees Cook <kees@xxxxxxxxxx>
Date: Wed, 02 Jun 2010 04:39:30 -0000
Reply-to: Bug 331410 <331410@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Ah-ha, I see the problem now.  This vulnerability was introduced after
all the versions of net-snmp that were in the archive at the time the
CVE was published.  At some point Debian packaged the 5.4.x series from
a point that did not include the fix, which is why only Lucid and later
have the problem.

** Changed in: net-snmp (Ubuntu Maverick)
       Status: Triaged => Fix Released

** Changed in: net-snmp (Ubuntu Lucid)
       Status: Triaged => Fix Committed

-- 
CVE-2008-6123: not fixed in latest security releases
https://bugs.launchpad.net/bugs/331410
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Fedora.