CVE-2008-6123: Access restriction bypass

Related Vulnerabilities: CVE-2008-6123   CVE-2008-4309  

Debian Bug report logs - #516801

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 23 Feb 2009 18:45:01 UTC

Severity: grave

Tags: security

Fixed in version net-snmp/5.4.3~dfsg-1

Done: Jochen Friedrich <jochen@scram.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#516801; Package net-snmp. (Mon, 23 Feb 2009 18:45:03 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>. (Mon, 23 Feb 2009 18:45:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-6123: Access restriction bypass
Date: Mon, 23 Feb 2009 19:41:56 +0100

Package: net-snmp
Severity: grave
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123

Upstream patch at 
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#516801; Package net-snmp. (Mon, 02 Mar 2009 22:12:02 GMT).


Acknowledgement sent to Marc Deslauriers <marc.deslauriers@canonical.com>:
Extra info received and forwarded to list. Copy sent to Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>. (Mon, 02 Mar 2009 22:12:02 GMT).


Message #10 received at 516801@bugs.debian.org:

From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: 516801@bugs.debian.org
Subject: Re: CVE-2008-6123: Access restriction bypass
Date: Mon, 02 Mar 2009 17:09:25 -0500

The CVE-2008-6123 security issue was introduced in the following commit:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=16654

So, the issue was introduced in 5.2.5, 5.3.2 and 5.4.2.






Information forwarded to debian-bugs-dist@lists.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#516801; Package net-snmp. (Tue, 10 Mar 2009 13:51:05 GMT).


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>. (Tue, 10 Mar 2009 13:51:05 GMT).


Message #15 received at 516801@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 516801@bugs.debian.org
Subject: Re: Bug#516801: CVE-2008-6123: Access restriction bypass
Date: Tue, 10 Mar 2009 14:47:45 +0100

Hi,
* Moritz Muehlenhoff <jmm@debian.org> [2009-02-23 20:59]:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123
> 
> Upstream patch at 
> http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

Do I miss anything or are we not affected by this bug? The 
code we have is the version before 
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=16654

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Added tag(s) pending. Request was from Jochen Friedrich <jochen@scram.de> to control@bugs.debian.org. (Sun, 16 Aug 2009 12:48:08 GMT).


Reply sent to Jochen Friedrich <jochen@scram.de>:
You have taken responsibility. (Mon, 16 Nov 2009 21:57:21 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 16 Nov 2009 21:57:21 GMT).


Message #22 received at 516801-close@bugs.debian.org:

From: Jochen Friedrich <jochen@scram.de>
To: 516801-close@bugs.debian.org
Subject: Bug#516801: fixed in net-snmp 5.4.2.1~dfsg-1
Date: Mon, 16 Nov 2009 21:55:33 +0000
Source: net-snmp
Source-Version: 5.4.2.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.4.2.1~dfsg-1_all.deb
  to main/n/net-snmp/libsnmp-base_5.4.2.1~dfsg-1_all.deb
libsnmp-dev_5.4.2.1~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-dev_5.4.2.1~dfsg-1_sparc.deb
libsnmp-perl_5.4.2.1~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-perl_5.4.2.1~dfsg-1_sparc.deb
libsnmp-python_5.4.2.1~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-python_5.4.2.1~dfsg-1_sparc.deb
libsnmp15-dbg_5.4.2.1~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp15-dbg_5.4.2.1~dfsg-1_sparc.deb
libsnmp15_5.4.2.1~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp15_5.4.2.1~dfsg-1_sparc.deb
net-snmp_5.4.2.1~dfsg-1.diff.gz
  to main/n/net-snmp/net-snmp_5.4.2.1~dfsg-1.diff.gz
net-snmp_5.4.2.1~dfsg-1.dsc
  to main/n/net-snmp/net-snmp_5.4.2.1~dfsg-1.dsc
net-snmp_5.4.2.1~dfsg.orig.tar.gz
  to main/n/net-snmp/net-snmp_5.4.2.1~dfsg.orig.tar.gz
snmp_5.4.2.1~dfsg-1_sparc.deb
  to main/n/net-snmp/snmp_5.4.2.1~dfsg-1_sparc.deb
snmpd_5.4.2.1~dfsg-1_sparc.deb
  to main/n/net-snmp/snmpd_5.4.2.1~dfsg-1_sparc.deb
tkmib_5.4.2.1~dfsg-1_all.deb
  to main/n/net-snmp/tkmib_5.4.2.1~dfsg-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 516801@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Friedrich <jochen@scram.de> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 09 Nov 2009 18:29:10 +0100
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp15-dbg libsnmp-dev libsnmp-perl libsnmp-python tkmib
Architecture: source all sparc
Version: 5.4.2.1~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
Changed-By: Jochen Friedrich <jochen@scram.de>
Description: 
 libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp-python - SNMP (Simple Network Management Protocol) Python support
 libsnmp15  - SNMP (Simple Network Management Protocol) library
 libsnmp15-dbg - SNMP (Simple Network Management Protocol) library debug
 snmp       - SNMP (Simple Network Management Protocol) applications
 snmpd      - SNMP (Simple Network Management Protocol) agents
 tkmib      - SNMP (Simple Network Management Protocol) MIB browser
Closes: 498475 516801 520724 528106 528107 531056 541366
Changes: 
 net-snmp (5.4.2.1~dfsg-1) unstable; urgency=low
 .
   * New upstream version
     - includes patch for CVE-2008-6123 (Closes: #516801)
   * remove patches applied upstream:
     - 55_cve2008_4309.patch
     - 54_fix_xen.patch
     - 53_fix_python_regression.patch
     - 52_suppress_registration_warnings.patch
     - 51_allow_g_groupname.patch
     - 50_cve2008_0960.patch
     - 49_cve2008_2292_python.patch
     - 48_cve2008_2292_perl.patch
     - 47_prevent_partial_inserts.patch
     - 46_ifname_crop.patch
     - 45_process_race.patch
     - 43_snmp_logging.patch
     - 41_snmptrapd_close_handles.patch
   * Updated patches:
     - 31_silence_subcontainer.patch: Use upstream changeset 17254
     - 25_duplicate_iftable.patch: Regenerated
     - 03_makefiles.patch: Install Makefile.mib
   * Removed non-free MIBS from distribution (Closes: #498475)
   * Add debug package
   * Implement "status" action in the init.d script. (Closes: #528107)
     Thanks to Peter Eisentraut <petere@debian.org> for the patch
   * Fix LSB dependencies (Closes: #541366). Thanks to Petter Reinholdtsen
     <pere@hungry.com> for the patch.
   * Let snmpd run as group snmp (Closes: #520724). Thanks to Russell Coker
     <russell@coker.com.au> for the patch.
   * Update standards version to 3.8.3.
   * Get rid of lintian warnings.
   * Fix memory leak when multiple interfaces have the same IPv6 address,
     such as link-local addresses when VLAN subinterfaces are in use.
     (Closes: #531056). Thanks to John Morrissey <jwm@horde.net> for the
     patch.
   * Rework build system (Closes: #528106)
   * Change default configuration to make snmp daemons run without MIBs.





Information forwarded to debian-bugs-dist@lists.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#516801; Package net-snmp. (Wed, 02 Jun 2010 02:15:03 GMT).


Acknowledgement sent to Corey Wright <undefined@pobox.com>:
Extra info received and forwarded to list. Copy sent to Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>. (Wed, 02 Jun 2010 02:15:03 GMT).


Message #27 received at 516801@bugs.debian.org:

From: Corey Wright <undefined@pobox.com>
To: 516801@bugs.debian.org
Subject: Fw: CVE-2008-6123 applies to snmpd in lucid (and sid)
Date: Tue, 1 Jun 2010 21:05:51 -0500

the vulnerability seems to still exist in the 5.4.2.1~dfsg-5 source package.

i sent the attached email to the debian developers [1] nearly 48 hours ago
and it hasn't appeared in the pkg-net-snmp-devel archives, so i'm presuming
it got caught in a spam filter somewhere and instead hoping for better luck
filing it as a comment to bug #516801.

as the attached email states, sid's 5.4.2.1~dfsg-5 appears to be vulnerable
based on its snmplib/snmpUDPDomain.c and lack of applicable patches in
debian/patches.

i don't know what the previous patch looked like, but the attached patch
should apply cleanly as it takes into account debian's/ubuntu's incorrect
"%hd" (vs upstream's "%hu").

if i overlooked something in my analysis (as i did not observe the bug in
the resulting binary as i did with ubuntu's version, but just examined the
source code), then please disregard this email.

thanks for packaging net-snmp (as i run it on my lenny installations
without any problems)!

corey
-- 
undefined@pobox.com

[1] pkg-net-snmp-devel@lists.alioth.debian.org
[2] http://lists.alioth.debian.org/pipermail/pkg-net-snmp-devel/
[Message part 2 (message/rfc822, inline)]
From: Corey Wright <undefined@pobox.com>
To: security@ubuntu.com
Cc: pkg-net-snmp-devel@lists.alioth.debian.org
Subject: CVE-2008-6123 applies to snmpd in lucid (and sid)
Date: Mon, 31 May 2010 02:28:53 -0500

SUMMARY
-------

snmpd in lucid (5.4.2.1~dfsg0ubuntu1-0ubuntu2) is vulnerable to
CVE-2008-6123 contrary to what its changelog says.

the attached patch was applied to the aforementioned version, compiled in a
pbuilder lucid chroot (on lenny), and the resulting packages (libsnmp-base,
libsnmp15, snmp, snmpd) were successfully tested on lucid-i386.

i also downloaded sid's 5.4.2.1~dfsg-5 source and it appears to be
vulnerable based on its snmplib/snmpUDPDomain.c and the lack of any
applicable patch(es) in debian/patches.

REFERENCES
----------

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/snmplib/snmpUDPDomain.c?r1=17367&r2=17366&pathrev=17367

BACKGROUND
----------

i recently upgraded a netbook from hardy to lucid by installing lucid to a
new hard drive and copying/merging the old configuration.  after installing
snmpd and merging/copying the associated configuration files
(/etc/default/snmpd, /etc/snmp/snmpd.conf, /etc/hosts.allow,
& /etc/hosts.deny) it rejected connections from my cacti installation
residing on the network (the only IP allowed to connect to it based on the
tcp-wrapper's ACL). i also noticed that the syslog output was incorrect:

snmpd[$PID]: Connection from UDP: [$LOCAL_IP]->[$REMOTE_IP]:-13093 REFUSED

yes, the remote port is negative due to "%hd" in the packages'
snmplib/snmpUDPDomain.c, but is "%hu" upstream and fixed in the attached
patch.

PROBLEM
-------

snmpd improperly applies tcp-wrapper ACLs because it calls tcp-wrapper's
hosts_ctl (see netsnmp_agent_check_packet() in agent/snmp_agent.c) with its
local IP address as the "client_addr" (instead of the snmp client's remote
IP address) because of incorrect string assembly (see netsnmp_udp_fmtaddr()
in snmplib/snmpUDPDomain.c).

SOLUTION
--------

searching for snmpd bugs related to tcp wrappers, i found debian bug
#516801.  i downloaded and browsed the ubuntu source package, reviewed
agent/snmp_agent.c where tcp-wrappers' hosts_ctl() is called, backtracked
to snmplib/snmpUDPDomain.c where the string is constructed that
snmp_agent.c deconstructs for hosts_ctl(), and verified that upstream's
CVE-2008-6123 patch for v5.4 is still applicable (though compensating for
"%hd" in debian/ubuntu source).

i added the patch to the package using quilt, rebuilt the package,
installed it, and it works correctly:

snmpd[$PID]: Connection from UDP: [$REMOTE_IP]:53735->[$LOCAL_IP]

thanks for providing the net-snmp packages!

corey
-- 
undefined@pobox.com
[CVE-2008-6123-ubuntu-lucid.patch (text/x-diff, attachment)]
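
The string-order problem described in the PROBLEM section of the message above, as an added C sketch; it is not net-snmp's code and not part of the original report. The two format orders follow the syslog lines quoted in the message; the sample addresses, the function names, the first-bracket parser and the one-entry allow list standing in for hosts_ctl() are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample addresses (documentation ranges), not from the report. */
#define LOCAL_IP  "192.0.2.10"   /* interface the agent listens on */
#define REMOTE_IP "198.51.100.7" /* monitoring host, the only ACL entry */

/* Build the transport address string. patched == 0 uses the order from the
 * REFUSED log line, [local]->[remote]:port with the port printed as a signed
 * short; patched != 0 uses the order from the log line after the patch. */
static const char *addr_string(int patched, unsigned short port)
{
    static char buf[128];

    if (patched)
        snprintf(buf, sizeof buf, "UDP: [%s]:%hu->[%s]",
                 REMOTE_IP, port, LOCAL_IP);
    else
        snprintf(buf, sizeof buf, "UDP: [%s]->[%s]:%hd",
                 LOCAL_IP, REMOTE_IP, (short)port);
    return buf;
}

/* Assumed consumer: take the text inside the first [...] pair as the client
 * address. Returns NULL when the string has no complete pair. */
static const char *acl_subject(const char *addr)
{
    static char out[64];
    const char *lb = strchr(addr, '[');
    const char *rb = lb ? strchr(lb, ']') : NULL;
    size_t len;

    if (rb == NULL)
        return NULL;
    len = (size_t)(rb - lb) - 1;
    if (len >= sizeof out)
        return NULL;
    memcpy(out, lb + 1, len);
    out[len] = '\0';
    return out;
}

/* Stand-in for hosts_ctl(): 1 = accept, 0 = refuse. Unparseable input is
 * refused so a malformed string can never fall through to "accept". */
static int agent_accepts(const char *addr)
{
    const char *client = acl_subject(addr);

    return client != NULL && strcmp(client, REMOTE_IP) == 0;
}

int main(void)
{
    const char *s;

    /* Affected order: the ACL decision is made on the agent's own address,
     * so the allowed monitoring host is refused. Port 52443 prints as a
     * negative number through the signed conversion. */
    s = addr_string(0, 52443);
    printf("%s\n  ACL checked against %s: %s\n", s, acl_subject(s),
           agent_accepts(s) ? "accepted" : "REFUSED");

    /* Patched order: the sender's address comes first and is what gets
     * checked; the port prints unsigned. */
    s = addr_string(1, 53735);
    printf("%s\n  ACL checked against %s: %s\n", s, acl_subject(s),
           agent_accepts(s) ? "accepted" : "REFUSED");
    return 0;
}
```

With the affected order the outcome depends only on whether the ACL happens to list the agent's own address, not on who sent the packet, which is why the symptom can be either a wrongly refused client or a restriction that is not enforced.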

Bug No longer marked as fixed in versions net-snmp/5.4.2.1~dfsg-1 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 02 Jun 2010 04:36:03 GMT).


Added tag(s) pending. Request was from Jochen Friedrich <jochen@scram.de> to control@bugs.debian.org. (Fri, 04 Jun 2010 16:57:06 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#516801; Package net-snmp. (Fri, 04 Jun 2010 17:15:03 GMT).


Acknowledgement sent to Jochen Friedrich <jochen@scram.de>:
Extra info received and forwarded to list. Copy sent to Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>. (Fri, 04 Jun 2010 17:15:03 GMT).


Message #36 received at 516801@bugs.debian.org:

From: Jochen Friedrich <jochen@scram.de>
To: 516801@bugs.debian.org, Debian Bug Tracking System <control@bugs.debian.org>
Subject: Update to 5.4.3 pending
Date: Fri, 04 Jun 2010 18:51:14 +0200

tags 516801 +pending
thanks

Hi,

I've just committed the update to 5.4.3 to SVN. I plan an upload for next week.

Thanks,
Jochen




Reply sent to Jochen Friedrich <jochen@scram.de>:
You have taken responsibility. (Thu, 10 Jun 2010 19:33:08 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 10 Jun 2010 19:33:08 GMT).


Message #41 received at 516801-close@bugs.debian.org:

From: Jochen Friedrich <jochen@scram.de>
To: 516801-close@bugs.debian.org
Subject: Bug#516801: fixed in net-snmp 5.4.3~dfsg-1
Date: Thu, 10 Jun 2010 19:32:37 +0000
Source: net-snmp
Source-Version: 5.4.3~dfsg-1

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.4.3~dfsg-1_all.deb
  to main/n/net-snmp/libsnmp-base_5.4.3~dfsg-1_all.deb
libsnmp-dev_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-dev_5.4.3~dfsg-1_sparc.deb
libsnmp-perl_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-perl_5.4.3~dfsg-1_sparc.deb
libsnmp-python_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-python_5.4.3~dfsg-1_sparc.deb
libsnmp15-dbg_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp15-dbg_5.4.3~dfsg-1_sparc.deb
libsnmp15_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp15_5.4.3~dfsg-1_sparc.deb
net-snmp_5.4.3~dfsg-1.debian.tar.gz
  to main/n/net-snmp/net-snmp_5.4.3~dfsg-1.debian.tar.gz
net-snmp_5.4.3~dfsg-1.dsc
  to main/n/net-snmp/net-snmp_5.4.3~dfsg-1.dsc
net-snmp_5.4.3~dfsg.orig.tar.gz
  to main/n/net-snmp/net-snmp_5.4.3~dfsg.orig.tar.gz
snmp_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/snmp_5.4.3~dfsg-1_sparc.deb
snmpd_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/snmpd_5.4.3~dfsg-1_sparc.deb
tkmib_5.4.3~dfsg-1_all.deb
  to main/n/net-snmp/tkmib_5.4.3~dfsg-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 516801@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Friedrich <jochen@scram.de> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 10 Jun 2010 18:02:54 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp15-dbg libsnmp-dev libsnmp-perl libsnmp-python tkmib
Architecture: source sparc all
Version: 5.4.3~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
Changed-By: Jochen Friedrich <jochen@scram.de>
Description: 
 libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp-python - SNMP (Simple Network Management Protocol) Python support
 libsnmp15  - SNMP (Simple Network Management Protocol) library
 libsnmp15-dbg - SNMP (Simple Network Management Protocol) library debug
 snmp       - SNMP (Simple Network Management Protocol) applications
 snmpd      - SNMP (Simple Network Management Protocol) agents
 tkmib      - SNMP (Simple Network Management Protocol) MIB browser
Closes: 516801 559109 575810 582400
Changes: 
 net-snmp (5.4.3~dfsg-1) unstable; urgency=low
 .
   * New upstream version (Closes: #559109)
     - includes fix for CVE-2008-4309
     - includes fix for CVE-2008-6123 (Closes: #516801)
     - AgentX support listens on localhost (only) by default
     - support for monitoring large disks (>2Tb)
     - improved handling of multiple matching access control entries
   * Remove patches included upstream:
     - 31_silence_subcontainer.patch
     - 57_fix_ipv6_memleak.patch
     - 59_fix_python.patch
   * Update patches:
     - 03_makefiles.patch
     - 07_docfiles.patch
     - 08_defaultconfig.patch
     - 32_mnttab_path.patch
     - 56_manpage.patch (Closes: #582400)
     - 60_libsensors_api.patch (Closes: #575810)
   * Switch to dpkg-source 3.0 (quilt) format
   * Bump Standards version to 3.8.4
   * Moved snmp.conf from snmp to libsnmp15
   * Don't bind to 172.0.0.1 in snmpd.default anymore. This is now
     done in the upstream sample snmpd.conf file. Trying to bind to
     127.0.0.1 in both places will make snmpd fail to start, at all.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 07:34:17 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:46:18 2019; Machine Name: buxtehude