Freeze exception for quagga
Hello
Please allow quagga 0.99.17-1 into testing. It fixes two security flaws
which are hard to backport as they are quite big and deep in the core of
the BGP code.
We try, together with Red Hat, to convince upstream to provide patches for
the last stable release but that might take a while and for testing it's
just one minor revision although it does contain other stuff like bugfixes
and enhancements apart from the mentioned security flaws.
The package built fine so far and is 2 days old. Changelog is:
quagga (0.99.17-1) unstable; urgency=high
 .
  * SECURITY:
    "This release provides two important bugfixes, which address remote crash
    possibility in bgpd discovered by CROSS team.":
    1. Stack buffer overflow by processing certain Route-Refresh messages
       CVE-2010-2948
    2. DoS (crash) while processing certain BGP update AS path messages
       CVE-2010-2949
    Closes: #594262
bye,
-christian-