Hi Felix and all, On Fri, Jul 31, 2020 at 03:36:54PM +0200, Felix Sperling wrote: > Hi, > > we were also effected from the update 5.7.3+dfsg-1.7+deb9u2 causing lots of > broken icinga checks. > > Our workaround is pinning 5.7.3+dfsg-1.7+deb9u1. > > What's unclear from the solution if 5.8 also will be available in stretch > and buster which we need. Otherwise it would be great to enable extend in > 5.7.3 for those versions.
5.8+dfsg-5 cannot go to buster and stretch, so this is not an option. For buster the update the maintainer (Craig Small) is planning for the security update is mirroring what went into unstable. As 5.7.3+dfsg-1.7+deb9u2 went out as DLA 2299-1, I'm looping in here the LTS team. LTS team: Would suggest to issue a regression update for the DLA and revisit the fix for CVE-2020-15862 to do the same, not to disable EXTEND-MIB completely but making it read-only. Hope this helps so far, Regards, Salvatore
