[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted quagga (source amd64 all)

Hash: SHA1

Format: 1.8
Date: Tue, 26 Nov 2013 00:32:42 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Distribution: stable-security
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 681088 687124 690013 694852 710147 726724 730513
 quagga ( stable-security; urgency=high
     CVE-2013-6051 - a bug in Quagga 0.99.21 that could let bgpd crash on
     receiving normal, valid BGP updates. Closes: #730513
 quagga ( unstable; urgency=high
     "ospfd: CVE-2013-2236, stack overrun in apiserver
     the OSPF API-server (exporting the LSDB and allowing announcement of
     Opaque-LSAs) writes past the end of fixed on-stack buffers.  This leads
     to an exploitable stack overflow.
     For this condition to occur, the following two conditions must be true:
     - Quagga is configured with --enable-opaque-lsa
     - ospfd is started with the "-a" command line option
     If either of these does not hold, the relevant code is not executed and
     the issue does not get triggered."
     Closes: #726724
   * New upstream release
     - ospfd: protect vs. VU#229804 (malformed Router-LSA)
       (Quagga is said to be non-vulnerable but still adds some protection)
 quagga ( unstable; urgency=low
   * Added autopkgtests (thanks to Yolanda Robla). Closes: #710147
   * Added "status" command to init script (thanks to James Andrewartha).
     Closes: #690013
   * Added "libsnmp-dev" to Build-Deps. There not needed for the official
     builds but for people who compile Quagga themselves to activate the
     SNMP feature (which for licence reasons cannot be done by Debian).
     Thanks to Ben Winslow). Closes: #694852
   * Changed watchquagga_options to an array so that quotes can finally
     be used as expected. Closes: #681088
   * Fixed bug that prevented restarting only the watchquagga daemon
     (thanks to Harald Kappe). Closes: #687124
 quagga ( unstable; urgency=low
   * New upstream release
     - ospfd restore nexthop IP for p2p interfaces
     - ospfd: fix LSA initialization for build without opaque LSA
     - ripd: correctly redistribute ifindex routes (BZ#664)
     - bgpd: fix lost passwords of grouped neighbors
   * Removed 91_ld_as_needed.diff as it was found in the upstream source.
 quagga (0.99.22-1) unstable; urgency=low
   * New upstream release.
     - [bgpd] The semantics of default-originate route-map have changed.
       The route-map is now used to advertise the default route conditionally.
       The old behaviour which allowed to set attributes on the originated
       default route is no longer supported.
     - [bgpd] this version of bgpd implements draft-idr-error-handling.  This was
       added in 0.99.21 and may not be desirable.  If you need a version
       without this behaviour, please use  There will be a
       runtime configuration switch for this in future versions.
     - [isisd] is in "beta" state.
     - [ospf6d] is in "alpha/experimental" state
     - More changes are documented in the upstream changelog!
   * debian/watch: Adjusted to new savannah.gnu.org site, thanks to Bart
   * debian/patches/99_CVE-2012-1820_bgp_capability_orf.diff removed as its
     in the changelog.
   * debian/patches/99_distribute_list.diff removed as its in the changelog.
   * debian/patches/10_doc__Makefiles__makeinfo-force.diff removed as it
     was just for Debian woody.
 9f71d94454e158536db8e8cee80e9cd9cc292d6f 1516 quagga_0.99.22.4-1+wheezy1.dsc
 73019bf915ff4fe7cd497f11579c05f35fe09df5 2352406 quagga_0.99.22.4.orig.tar.gz
 f151836b02ac08545f4de2339cabffe8ebb32c74 39757 quagga_0.99.22.4-1+wheezy1.debian.tar.gz
 7bf5f1511d24727c0307e340e8b0e9174f05d50c 1723840 quagga_0.99.22.4-1+wheezy1_amd64.deb
 5076fd8dc65147c51842776777b8933bfd52246c 2527312 quagga-dbg_0.99.22.4-1+wheezy1_amd64.deb
 b5ac416e25f732b77ec1ada0cebac5f2fecdffa7 656250 quagga-doc_0.99.22.4-1+wheezy1_all.deb
 5953f2cc0d7cf8eb73c7d2eec34728735983c0afe66d0196ca372570a6651de5 1516 quagga_0.99.22.4-1+wheezy1.dsc
 cbe48d5cc57bbaa07cfd8362ba598447dc94aa866ddc5794e57172709d36ba79 2352406 quagga_0.99.22.4.orig.tar.gz
 a15a24ea871281abe588830ff5e1828b0ddea7b5e582f1b8180d172be78a28c9 39757 quagga_0.99.22.4-1+wheezy1.debian.tar.gz
 1cf2610d17801d863efcdeddaf93bed6fa4a9289a5897f5e58b56bc447a807e2 1723840 quagga_0.99.22.4-1+wheezy1_amd64.deb
 2da21382eb241b0224e273ea63c76d735c7947d9854b96296634d6701c497caa 2527312 quagga-dbg_0.99.22.4-1+wheezy1_amd64.deb
 fc9dd49c9d755e01ad96688e45815883d822b6baaa1a7460185bea1292d61b89 656250 quagga-doc_0.99.22.4-1+wheezy1_all.deb
 de9f16b9374a6b4167b246599712dd23 1516 net optional quagga_0.99.22.4-1+wheezy1.dsc
 27ef98abb1820bae19eb71f631a10853 2352406 net optional quagga_0.99.22.4.orig.tar.gz
 0266632837c85abab719901a734808a4 39757 net optional quagga_0.99.22.4-1+wheezy1.debian.tar.gz
 e088c7c7893e8a1abd1bcd5bb4b77572 1723840 net optional quagga_0.99.22.4-1+wheezy1_amd64.deb
 6b40bc9eb9d00eb7a2a7f34eec311d74 2527312 debug extra quagga-dbg_0.99.22.4-1+wheezy1_amd64.deb
 b9972e2d123a2d9c225bfcca63573c2a 656250 net optional quagga-doc_0.99.22.4-1+wheezy1_all.deb

Version: GnuPG v1.4.15 (GNU/Linux)


Reply to: