Hi All There's a few goes of the required patches but I think I've got them all. There was the v3doublefree2.patch, a format patch and then the first git reference in the tracker where they have re-arranged the free function so it tracks the reference count.
The result does compile and build packages and it is not too terrible about the lintian warnings, but I haven't installed or tested it yet; that's a job for tomorrow (which is only an hour away, but it will be much longer than that). If anyone is keen in the meantime go ahead and see if it works for you. - Craig On Sun, 28 Jun 2020 at 22:30, Salvatore Bonaccorso <car...@debian.org> wrote: > Hi Andreas, > > On Fri, Jun 26, 2020 at 06:31:44PM -0300, Andreas Hasenack wrote: > > I believe it was introduced in 5.8. The previous version we had was 5.7.3 > > and we didn't reproduce it there. > > I can confirm that it is not reproducible with the buster version with > the avalable reproducer, but I was still searching evidence via a code > change/upstream commit where the issue was really introduced. > > If you find/found so, could you please update us as well with that > informaation so we can sync up the security-tracker information. > > Thanks for your work! > > Regards, > Salvatore > > _______________________________________________ > Pkg-net-snmp-devel mailing list > pkg-net-snmp-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-net-snmp-devel
