[oe-commits] Holger Hans Peter Freyther : net-snmp-5.4.2.1: Addresses CVE-2008-6123.

git version control git at git.openembedded.org
Mon Mar 8 06:33:36 UTC 2010 

Module: openembedded.git
Branch: org.openembedded.dev
Commit: 4fb5a96bb21e03dc6e4ef9b8d8917536642dec11
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=4fb5a96bb21e03dc6e4ef9b8d8917536642dec11

Author: Holger Hans Peter Freyther <zecke at selfish.org>
Date:   Mon Mar  8 07:24:03 2010 +0100

net-snmp-5.4.2.1: Addresses CVE-2008-6123.

See http://bugs.gentoo.org/show_bug.cgi?id=250429 for more details.

---

 .../net-snmp/net-snmp-5.4.2.1/CVE-2008-6123.patch  |   21 ++++++++++++++++++++
 recipes/net-snmp/net-snmp_5.4.2.1.bb               |    3 +-
 2 files changed, 23 insertions(+), 1 deletions(-)

diff --git a/recipes/net-snmp/net-snmp-5.4.2.1/CVE-2008-6123.patch b/recipes/net-snmp/net-snmp-5.4.2.1/CVE-2008-6123.patch
new file mode 100644
index 0000000..5d4658c
--- /dev/null
+++ b/recipes/net-snmp/net-snmp-5.4.2.1/CVE-2008-6123.patch
@@ -0,0 +1,21 @@
+http://bugs.gentoo.org/show_bug.cgi?id=250429
+
+diff -Naur a/snmplib.orig/snmpUDPDomain.c b/snmplib/snmpUDPDomain.c
+--- a/snmplib.orig/snmpUDPDomain.c	2007-10-11 22:46:30.000000000 +0200
++++ b/snmplib/snmpUDPDomain.c	2009-07-10 23:41:37.000000000 +0200
+@@ -104,12 +110,12 @@
+ 	char tmp[64];
+         to = (struct sockaddr_in *) &(addr_pair->remote_addr);
+         if (to == NULL) {
+-            sprintf(tmp, "UDP: [%s]->unknown",
++            sprintf(tmp, "UDP: unknown->[%s]",
+                     inet_ntoa(addr_pair->local_addr));
+         } else {
+-            sprintf(tmp, "UDP: [%s]->", inet_ntoa(addr_pair->local_addr));
+-            sprintf(tmp + strlen(tmp), "[%s]:%hd",
++            sprintf(tmp, "UDP: [%s]:%hu->",
+                     inet_ntoa(to->sin_addr), ntohs(to->sin_port));
++            sprintf(tmp + strlen(tmp), "[%s]", inet_ntoa(addr_pair->local_addr));
+         }
+         return strdup(tmp);
+     }
diff --git a/recipes/net-snmp/net-snmp_5.4.2.1.bb b/recipes/net-snmp/net-snmp_5.4.2.1.bb
index 7e81151..f22120c 100644
--- a/recipes/net-snmp/net-snmp_5.4.2.1.bb
+++ b/recipes/net-snmp/net-snmp_5.4.2.1.bb
@@ -1,8 +1,9 @@
 require net-snmp.inc
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
         file://configure-tail.patch;patch=1 \
+        file://CVE-2008-6123.patch;patch=1 \
         file://init \
         file://snmpd.conf \
         file://snmptrapd.conf"

More information about the Openembedded-commits mailing list