[nsp] recent SNMP vulnerability vs 12.1(13)E14

Clayton Kossmeyer ckossmey at cisco.com
Fri Apr 23 11:23:46 EDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It's important to note that CSCed68575 was written in response to
problems caused by CSCeb22276.

Releases that don't have CSCeb22276 integrated (12.1(13)Ex, for
example) don't need CSCed68575.

Bug Toolkit doesn't really handle displaying regression information
very well.

A recently published revision (1.3) of the advisory calls out all
affected releases in the Affected Products section.

http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

Hopefully this helps clear up some of the confusion.

Regards,

Clay

On Fri, Apr 23, 2004 at 04:29:14PM +0200, Kinczli Zolt?n wrote:
> hello,
> 
>   and the most important Q is:
> 
> if there are some maintenance releases of a train, for instance 12.1(13)E, 12.1(14)E, 12.1(19)E and 12.1(20)E,
> - and each has several rebuilds, E1, E2, E3, and so on...
> - and there is a bug, which get first integrated, say in April into 12.1(19.x)E interim,
> will it be intergrated, say in June into later rebuilds of less numbered (e.g. y<19) maintenence release.
> 
> see my point?
> 
> 
> April		12.1(19.x)E gets the fix, as the bugnav tells us, it's the 'first fixed-in' version
> 		at this time, say 12.1(13)E13 is alreay available
>   time passes
> May		12.1(20)E comes out, and of course it gets the fix
>   time passes
> June		12.1(13)E14 comes out... Q: will it receive the fix?
> 
>   what's tha main logic behind?
> 
> rgds
>  --zoltan
> 
> -----Original Message-----
> From: Gert Doering [mailto:gert at greenie.muc.de]
> Sent: Friday, April 23, 2004 3:57 PM
> To: Jay Young
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] recent SNMP vulnerability vs 12.1(13)E14
> 
> 
> Hi,
> 
> On Fri, Apr 23, 2004 at 09:45:42AM -0400, Jay Young wrote:
> > Along a similar line what about 12.2.18S3 the advisory says that 12.2S 
> > is vulnerable and the fix is 12.2.20S2 or 12.2.22S. Neither of which is 
> > available for a 7200.
> 
> As far as I understand it, the bug was introduced *after* 12.2(18)S, so 18S 
> is not-yet-vulnerable.
> 
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                            //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SunOS)

iD8DBQFAiTTrEHa/Ybuq8nARAmoOAJ41cUGVQbbZECKUICjIcriJxVLbvgCdEVAR
HTKbfPr8LcNJ/WDZ/s4SDdQ=
=GZAo
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list