diff -u net-snmp-5.4.1~dfsg/debian/changelog net-snmp-5.4.1~dfsg/debian/changelog
--- net-snmp-5.4.1~dfsg/debian/changelog
+++ net-snmp-5.4.1~dfsg/debian/changelog
@@ -1,3 +1,11 @@
+net-snmp (5.4.1~dfsg-4ubuntu4.3) hardy-security; urgency=low
+
+  * SECURITY-UPDATE: net-analyzer/net-snmp tcp-wrappers vulnerability 
+                     allowing 3rd parties to access snmpd
+    - 51_CVE-2008-6123: fixes this issue (LP:#3311410)
+
+ -- Stephan Hermann <sh@sourcecode.de>  Thu, 19 Feb 2009 07:23:57 +0000
+
 net-snmp (5.4.1~dfsg-4ubuntu4.2) hardy-security; urgency=low
 
   * SECURITY UPDATE: authentication bypass via spoofed SNMPv3 packets.
only in patch2:
unchanged:
--- net-snmp-5.4.1~dfsg.orig/debian/patches/51_CVE-2008-6123.patch
+++ net-snmp-5.4.1~dfsg/debian/patches/51_CVE-2008-6123.patch
@@ -0,0 +1,21 @@
+diff -Nur -x '*.orig' -x '*~' net-snmp-5.4.1~dfsg/snmplib/snmpUDPDomain.c net-snmp-5.4.1~dfsg.new/snmplib/snmpUDPDomain.c
+--- net-snmp-5.4.1~dfsg/snmplib/snmpUDPDomain.c	2007-06-10 22:15:24.000000000 +0000
++++ net-snmp-5.4.1~dfsg.new/snmplib/snmpUDPDomain.c	2009-02-19 07:43:57.960001920 +0000
+@@ -104,11 +104,12 @@
+ 	char tmp[64];
+         to = (struct sockaddr_in *) &(addr_pair->remote_addr);
+         if (to == NULL) {
+-            return strdup("UDP: unknown");
+-        }
+-
+-        sprintf(tmp, "UDP: [%s]:%hu",
+-                inet_ntoa(to->sin_addr), ntohs(to->sin_port));
++            sprintf(tmp,"UDP: unknown->[%s]",inet_ntoa(addr_pair->local_addr));
++        } else {
++        	sprintf(tmp, "UDP: [%s]:%hu",
++                	inet_ntoa(to->sin_addr), ntohs(to->sin_port));
++		sprintf(tmp+strlen(tmp),"[%s]",inet_ntoa(addr_pair->local_addr));
++	}
+         return strdup(tmp);
+     }
+ }