
Freeze exception for quagga



Hello

Please allow quagga 0.99.17-1 into testing. It fixes two security flaws
which are hard to backport as they are quite big and deep in the core of
the BGP code.

We try, together with Red Hat, to convince upstream to provide patches for
the last stable release but that might take a while and for testing it's
just one minor revision although it does contain other stuff like bugfixes
and enhancements apart from the mentioned security flaws.

The package built fine so far and is 2 days old. Changelog is:

 quagga (0.99.17-1) unstable; urgency=high
 .
   * SECURITY:
     "This release provides two important bugfixes, which address remote crash
     possibility in bgpd discovered by CROSS team.":
     1. Stack buffer overflow by processing certain Route-Refresh messages
        CVE-2010-2948
     2. DoS (crash) while processing certain BGP update AS path messages
        CVE-2010-2949
     Closes: #594262

bye,

-christian-

