Version in base suite: 5.9.4+dfsg-2

Base version: net-snmp_5.9.4+dfsg-2
Target version: net-snmp_5.9.4+dfsg-2+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/n/net-snmp/net-snmp_5.9.4+dfsg-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/n/net-snmp/net-snmp_5.9.4+dfsg-2+deb13u1.dsc

 changelog                        |    8 ++++++++
 patches/series                   |    1 +
 patches/snmptrapd_trapoid_length |   27 +++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpin1ak9v_/net-snmp_5.9.4+dfsg-2.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpin1ak9v_/net-snmp_5.9.4+dfsg-2+deb13u1.dsc: no acceptable signature found
diff -Nru net-snmp-5.9.4+dfsg/debian/changelog net-snmp-5.9.4+dfsg/debian/changelog
--- net-snmp-5.9.4+dfsg/debian/changelog	2025-05-06 11:20:52.000000000 +0000
+++ net-snmp-5.9.4+dfsg/debian/changelog	2025-12-28 20:29:38.000000000 +0000
@@ -1,3 +1,11 @@
+net-snmp (5.9.4+dfsg-2+deb13u1) trixie-security; urgency=high
+
+  * Security patch
+     - Fixed a critical vulnerability in snmptrapd triggered by a specially
+       crafted trap CVE-2025-68615 Closes: #1123861
+
+ -- Craig Small <csmall@debian.org>  Mon, 29 Dec 2025 07:29:38 +1100
+
 net-snmp (5.9.4+dfsg-2) unstable; urgency=medium
 
   * Update systemstats_linux to get expected header length Closes: #1069087
diff -Nru net-snmp-5.9.4+dfsg/debian/patches/series net-snmp-5.9.4+dfsg/debian/patches/series
--- net-snmp-5.9.4+dfsg/debian/patches/series	2025-05-06 11:20:52.000000000 +0000
+++ net-snmp-5.9.4+dfsg/debian/patches/series	2025-12-28 20:29:38.000000000 +0000
@@ -42,3 +42,4 @@
 includes_fix_national_encoding
 configure_fix_version
 linux_systemstats
+snmptrapd_trapoid_length
diff -Nru net-snmp-5.9.4+dfsg/debian/patches/snmptrapd_trapoid_length net-snmp-5.9.4+dfsg/debian/patches/snmptrapd_trapoid_length
--- net-snmp-5.9.4+dfsg/debian/patches/snmptrapd_trapoid_length	1970-01-01 00:00:00.000000000 +0000
+++ net-snmp-5.9.4+dfsg/debian/patches/snmptrapd_trapoid_length	2025-12-28 20:29:38.000000000 +0000
@@ -0,0 +1,27 @@
+Description: snmptrapd: Fix out-of-bounds trapOid[] accesses
+ Fixes: https://issues.oss-fuzz.com/issues/457106694
+ Fixes: https://issues.oss-fuzz.com/issues/458668421
+ Fixes: https://issues.oss-fuzz.com/issues/458876071
+ -
+ Fixes: CVE-2025-68615
+Author: Bart Van Assche <bvanassche@acm.org>
+Origin: upstream, https://github.com/net-snmp/net-snmp/commit/4a201ac239d2cedff32a9205d389fdb523487878
+Bug-Debian: https://bugs.debian.org/1123861
+Applied-Upstream: 5.9.5
+Reviewed-by: Craig Small <csmall@debian.org>
+Last-Update: 2025-12-28
+--- a/apps/snmptrapd_handlers.c
++++ b/apps/snmptrapd_handlers.c
+@@ -1112,6 +1112,12 @@
+ 	     */
+             if (pdu->trap_type == SNMP_TRAP_ENTERPRISESPECIFIC) {
+                 trapOidLen = pdu->enterprise_length;
++                /*
++                 * Drop packets that would trigger an out-of-bounds trapOid[]
++                 * access.
++                 */
++                if (trapOidLen < 1 || trapOidLen > OID_LENGTH(trapOid) - 2)
++                    return 1;
+                 memcpy(trapOid, pdu->enterprise, sizeof(oid) * trapOidLen);
+                 if (trapOid[trapOidLen - 1] != 0) {
+                     trapOid[trapOidLen++] = 0;