diff -urNpd net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/changelog net-snmp-5.4.2.1~dfsg0ubuntu1/debian/changelog
--- net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/changelog	2010-05-31 04:34:36.000000000 +0000
+++ net-snmp-5.4.2.1~dfsg0ubuntu1/debian/changelog	2010-05-31 05:15:33.000000000 +0000
@@ -1,3 +1,12 @@
+net-snmp (5.4.2.1~dfsg0ubuntu1-0ubuntu2.10.04.1) lucid-security; urgency=low
+
+  * SECURITY UPDATE: access restriction bypass
+    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516801
+    - http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367
+    - CVE-2008-6123
+
+ -- Corey Wright <undefined@pobox.com>  Mon, 31 May 2010 00:00:29 -0500
+
 net-snmp (5.4.2.1~dfsg0ubuntu1-0ubuntu2) lucid; urgency=low
 
   * Add apport hook (LP: #533603):
diff -urNpd net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/patches/CVE-2008-6123.README net-snmp-5.4.2.1~dfsg0ubuntu1/debian/patches/CVE-2008-6123.README
--- net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/patches/CVE-2008-6123.README	1970-01-01 00:00:00.000000000 +0000
+++ net-snmp-5.4.2.1~dfsg0ubuntu1/debian/patches/CVE-2008-6123.README	2010-05-31 05:22:04.000000000 +0000
@@ -0,0 +1 @@
+Patch from Corey Wright <undefined@pobox.com> to address CVE-2008-6123 based on upstream patch set <http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367>, specifically the patch for the 5.4 branch <http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/snmplib/snmpUDPDomain.c?r1=17367&r2=17366&pathrev=17367>.
diff -urNpd net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/patches/CVE-2008-6123.patch net-snmp-5.4.2.1~dfsg0ubuntu1/debian/patches/CVE-2008-6123.patch
--- net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/patches/CVE-2008-6123.patch	1970-01-01 00:00:00.000000000 +0000
+++ net-snmp-5.4.2.1~dfsg0ubuntu1/debian/patches/CVE-2008-6123.patch	2010-05-31 04:57:40.000000000 +0000
@@ -0,0 +1,18 @@
+--- a/snmplib/snmpUDPDomain.c
++++ b/snmplib/snmpUDPDomain.c
+@@ -104,12 +104,12 @@
+ 	char tmp[64];
+         to = (struct sockaddr_in *) &(addr_pair->remote_addr);
+         if (to == NULL) {
+-            sprintf(tmp, "UDP: [%s]->unknown",
++            sprintf(tmp, "UDP: unknown->[%s]",
+                     inet_ntoa(addr_pair->local_addr));
+         } else {
+-            sprintf(tmp, "UDP: [%s]->", inet_ntoa(addr_pair->local_addr));
+-            sprintf(tmp + strlen(tmp), "[%s]:%hd",
++            sprintf(tmp, "UDP: [%s]:%hu->",
+                     inet_ntoa(to->sin_addr), ntohs(to->sin_port));
++            sprintf(tmp + strlen(tmp), "[%s]", inet_ntoa(addr_pair->local_addr));
+         }
+         return strdup(tmp);
+     }
diff -urNpd net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/patches/series net-snmp-5.4.2.1~dfsg0ubuntu1/debian/patches/series
--- net-snmp-5.4.2.1~dfsg0ubuntu1.orig/debian/patches/series	2010-05-31 04:34:36.000000000 +0000
+++ net-snmp-5.4.2.1~dfsg0ubuntu1/debian/patches/series	2010-05-31 04:46:16.000000000 +0000
@@ -1,3 +1,4 @@
+CVE-2008-6123.patch
 02_statistics.patch
 03_makefiles.patch
 05_searchdirs.patch