Re: Bug#966544: snmpd: extend option broken after update
- To: 966544@bugs.debian.org
- Cc: Felix Sperling <felix.sperling@idealo.de>, 'Craig Small' <csmall@debian.org>, debian-lts@lists.debian.org, James Greig <james@host-it.co.uk>, Christian Balzer <chibi@gol.com>, Albertas Sileika <a.sileika@gmail.com>, Ramon Cahenzli <rca@psy-q.ch>, Rudi Daemen <info@kratjebierhosting.nl>, Zubrick <zubrick@number6.ch>
- Subject: Re: Bug#966544: snmpd: extend option broken after update
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Tue, 4 Aug 2020 19:13:06 +0200
- Message-id: <[🔎] 20200804171306.GA1162364@eldamar.local>
- Mail-followup-to: 966544@bugs.debian.org, Felix Sperling <felix.sperling@idealo.de>, 'Craig Small' <csmall@debian.org>, debian-lts@lists.debian.org, James Greig <james@host-it.co.uk>, Christian Balzer <chibi@gol.com>, Albertas Sileika <a.sileika@gmail.com>, Ramon Cahenzli <rca@psy-q.ch>, Rudi Daemen <info@kratjebierhosting.nl>, Zubrick <zubrick@number6.ch>
- In-reply-to: <[🔎] 20200801063717.GA694637@eldamar.local>
- References: <159611179046.14966.9800349697777734072.reportbug@lb-2.srv.host-it.co.uk> <7d48855d-b35f-15f7-5e09-f19a6a04d4b9@idealo.de> <159611179046.14966.9800349697777734072.reportbug@lb-2.srv.host-it.co.uk> <[🔎] 20200801063717.GA694637@eldamar.local>
Hi Felix and all,
On Sat, Aug 01, 2020 at 08:37:17AM +0200, Salvatore Bonaccorso wrote:
> Hi Felix and all,
>
> On Fri, Jul 31, 2020 at 03:36:54PM +0200, Felix Sperling wrote:
> > Hi,
> >
> > we were also effected from the update 5.7.3+dfsg-1.7+deb9u2 causing lots of
> > broken icinga checks.
> >
> > Our workaround is pinning 5.7.3+dfsg-1.7+deb9u1.
> >
> > What's unclear from the solution if 5.8 also will be available in stretch
> > and buster which we need. Otherwise it would be great to enable extend in
> > 5.7.3 for those versions.
>
> 5.8+dfsg-5 cannot go to buster and stretch, so this is not an option.
> For buster the update the maintainer (Craig Small) is planning for the
> security update is mirroring what went into unstable.
>
> As 5.7.3+dfsg-1.7+deb9u2 went out as DLA 2299-1, I'm looping in here
> the LTS team. LTS team: Would suggest to issue a regression update for
> the DLA and revisit the fix for CVE-2020-15862 to do the same, not to
> disable EXTEND-MIB completely but making it read-only.
This should be handled with DLA 2313-1[1].
[1] https://lists.debian.org/debian-lts-announce/2020/08/msg00009.html
Regards,
Salvatore
Reply to: