Bug#841162: marked as done (quagga: CVE-2016-1245: zebra: stack overrun in IPv6 RA receive code)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 18 Oct 2016 22:48:59 +0000
with message-id <E1bwdBr-0002KD-Ji@franck.debian.org>
and subject line Bug#841162: fixed in quagga 1.0.20160315-3
has caused the Debian Bug report #841162,
regarding quagga: CVE-2016-1245: zebra: stack overrun in IPv6 RA receive code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
841162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841162
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: quagga: CVE-2016-1245: zebra: stack overrun in IPv6 RA receive code
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Tue, 18 Oct 2016 09:54:48 +0200
• Message-id: <[🔎] 147677728863.29191.8989326113763733210.reportbug@lorien.valinor.li>

Source: quagga
Version: 0.99.23.1-1
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for quagga.

CVE-2016-1245[0]:
zebra: stack overrun in IPv6 RA receive code

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1245

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 841162-close@bugs.debian.org
• Subject: Bug#841162: fixed in quagga 1.0.20160315-3
• From: Florian Weimer <fw@deneb.enyo.de>
• Date: Tue, 18 Oct 2016 22:48:59 +0000
• Message-id: <E1bwdBr-0002KD-Ji@franck.debian.org>

Source: quagga
Source-Version: 1.0.20160315-3

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 841162@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Florian Weimer <fw@deneb.enyo.de> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 18 Oct 2016 22:06:18 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 1.0.20160315-3
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Florian Weimer <fw@deneb.enyo.de>
Description:
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 841162
Changes:
 quagga (1.0.20160315-3) unstable; urgency=high
 .
   * Apply patch to fix CVE-2016-1245.  Closes: #841162.
Checksums-Sha1:
 8afff4e642bdbd52a885d81dc1cbfc133efe1f10 1850 quagga_1.0.20160315-3.dsc
 b259d7c52c491cf1e344cc4785d205c5aeb46522 36352 quagga_1.0.20160315-3.debian.tar.xz
 ee3a2272b49a713cfca26efc3bc605f6801244d0 2121450 quagga-dbg_1.0.20160315-3_amd64.deb
 71f4cdbc58a20412acc78afb0336b3bfa44864bb 977348 quagga-doc_1.0.20160315-3_all.deb
 54c33120528d67f680a8ba6a896ff2ec8aba4128 1365952 quagga_1.0.20160315-3_amd64.deb
Checksums-Sha256:
 2ac5563066e3f352078c8f9467f05eebf0fdd9e5e39afb0a327482cff8566f26 1850 quagga_1.0.20160315-3.dsc
 f0e1051396f152e505a0cc9f4244bc44ffbecf11dd494b8e62d2f0da3dfa9be3 36352 quagga_1.0.20160315-3.debian.tar.xz
 bbf95f62562b0e14a0e8acd7035763be7790c06046bce154678994a3d1d5682b 2121450 quagga-dbg_1.0.20160315-3_amd64.deb
 7a05abf817663ff3229eba6632c043ab92c3078ad5179eb498b08b6b232ada78 977348 quagga-doc_1.0.20160315-3_all.deb
 29fec831cc8074178833550b844bedccd5d29e5c0f72fa65cb4401b27342951b 1365952 quagga_1.0.20160315-3_amd64.deb
Files:
 88ab56fa14f17513b6df3213d55a75ec 1850 net optional quagga_1.0.20160315-3.dsc
 5ac532674484640b6c7311e685e4cdbe 36352 net optional quagga_1.0.20160315-3.debian.tar.xz
 803c52c98443fa01460f7f8b79335533 2121450 debug extra quagga-dbg_1.0.20160315-3_amd64.deb
 aee71677f2c4ed27fc642c36be453749 977348 net optional quagga-doc_1.0.20160315-3_all.deb
 9411c17fc6a01be7bbb2f6d0f5e786c7 1365952 net optional quagga_1.0.20160315-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJYBo3UAAoJEL97/wQC1SS+bbEH/jor+NnM32r2OxJU3StcS/Yh
Y9twZSf3DTiKXe7a9YFPB2QgjrIdoDonPFLXu/kF5SiW3Jv0TJH3d7WHeQJqy0aK
rpBxJSGsHdpPhzFLi63pKgLoPRkVaAh8Yv8zxx8Ks1WsC/yhVU2zMIrDSwR5uuyf
6R6rx6kazjL7m7wRR+dwSmPP3ARhHBi0Ti/egxee6hwW9QFLxeR0d8UkAUufxbgt
ezaW2y95ydxxXg51WvpOEljnkuT/ef/G6Z03z6J6SKb85YRmm1+go8F+/PtaSzzw
UIr66wnj5RukZ8rUmmE9X/Ys1DlpmF9TO46qw+KwS4J6p3ZVhG+zSb01TBwP7kk=
=rCHJ
-----END PGP SIGNATURE-----

--- End Message ---