Format: 1.8
Date: Fri, 22 Sep 2023 18:29:07 CEST
Source: lldpd
Architecture: source
Version: 1.0.3-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Vincent Bernat <bernat@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 78f8ff87b4e2cf3c25a4268501c5af74c422bbe8 2245 lldpd_1.0.3-1+deb10u2.dsc
 89d65bef13ce081e23fa95a2161bfcf124221a50 11944 lldpd_1.0.3-1+deb10u2.debian.tar.xz
 c5ebd85db7afb7bc9b1df56c4eb51f54463cb852 7771 lldpd_1.0.3-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 5d5a9c7651319b9c63e4a6492172eaf77bab4f76c3993396225d66be3d1a5bd1 2245 lldpd_1.0.3-1+deb10u2.dsc
 e9be2b4a15f61d4286fb423d54982c85e569f1c4cd9d29abd13309d7a5ca7624 11944 lldpd_1.0.3-1+deb10u2.debian.tar.xz
 abb6a2f330609e5851e8bea4651ade75a8eec3916c8fe9471582afeeb6e960fe 7771 lldpd_1.0.3-1+deb10u2_amd64.buildinfo
Changes:
 lldpd (1.0.3-1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2023-41910:
     Matteo Memelli discovered a flaw in lldp, an implementation of the IEEE
     802.1ab protocol. By crafting a CDP PDU packet with specific
     CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd
     daemon to perform an out-of-bounds read on heap memory.
Files:
 e1392ddeae075d36030cd4e406426689 2245 net optional lldpd_1.0.3-1+deb10u2.dsc
 35cd64ea16c5c446a5489f8e4ae6bf8f 11944 net optional lldpd_1.0.3-1+deb10u2.debian.tar.xz
 308449c916640ddcb6c6f639bd35493a 7771 net optional lldpd_1.0.3-1+deb10u2_amd64.buildinfo