Improve net snmp cve fix

Hi there,

I would like to propose this improvement over the current fix for CVE-2019-20892 (Debian bug #963713).

As it is today, the fix is not entirely complete because it doesn't address a few code changes that are needed in order to fix some memory leaks that were introduced by the first upstream commit that was backported. For example, it is necessary to create a reference count inside struct usmStateReference in order to properly free all instances of it.

This MR also brings the Ubuntu and Debian packages closer, which is an added benefit since the Ubuntu security team already reviewed the backported patches and released a fix for the same CVE.
