Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted frr 7.5.1-1.1+deb10u2 (source) into oldoldstable
Date: Sat, 27 Apr 2024 17:50:22 +0000
Signed by: Tobias Frost <tobi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Apr 2024 19:24:07 +0200
Source: frr
Architecture: source
Version: 7.5.1-1.1+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: David Lamparter <equinox-debian@diac24.net>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1008010 1016978 1055852
Changes:
 frr (7.5.1-1.1+deb10u2) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * d/clean: Remove generated files on rebuild.
   * Backport fixed for several vuffer overflow vulnerabilties:
     CVE-2022-26125, CVE-2022-26126, CVE-2022-26127 (Closes: #1008010)
     CVE-2022-26128, CVE-2022-26129
   * Enabling patching of the fuzz test vectors with quilt
     - Add patch to build system disabling handling the fuzz testvectors.
     - Introduce the fuzz testvectors as patch, as upstream shipped it only
       compressed and we need to patch it, otherwise the fix for CVE-2022-26125
       would break the tests.
   * CVE-2022-37035 - Racy use after free (Closes: #1016978)
   * CVE-2023-38406 - "flowspec overflow."
   * CVE-2023-38407 - Buffer overread (Closes: #1055852)
   * Backport fixes for several vulnerabilties:
     - DoS (crash) CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235
       (Also filed in #1055852), CVE-2024-31948 and
     - CVE-2024-31949 - DoS causing an infinite loop
Checksums-Sha1:
 6235d6f5bf8baf722de3888552fae11d24228167 2644 frr_7.5.1-1.1+deb10u2.dsc
 3c3a07fce8e8c4627d3897bf4e753aebfb8a4bd2 114540 frr_7.5.1-1.1+deb10u2.debian.tar.xz
 faa91469acecc5e3272e08c21106fdcc0b8424b6 11689 frr_7.5.1-1.1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 ec7ca293cb270940f118a97658e9afb2de4e2820b67b8461d6f519ccbee9eb28 2644 frr_7.5.1-1.1+deb10u2.dsc
 05267196197e0094e8f8fa1e00c4573c8fa3c59150f4d4af135342746765d79f 114540 frr_7.5.1-1.1+deb10u2.debian.tar.xz
 96d801d3d65e5039dd6584838e86bd280a21798783d5147b95025dbf8e44c75d 11689 frr_7.5.1-1.1+deb10u2_amd64.buildinfo
Files:
 8d7a7957c49edd703cb0abee87227f7d 2644 net optional frr_7.5.1-1.1+deb10u2.dsc
 27971459eb5d47684a3f7262adcd72a9 114540 net optional frr_7.5.1-1.1+deb10u2.debian.tar.xz
 461accef944d0dc6a9d1e2797ce1e8ae 11689 net optional frr_7.5.1-1.1+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmYtNh8ACgkQkWT6HRe9
XTZwCg/9HtGBjRu6WSZtaSTFOakm1rUdo8MHKffxTTvzLZChO2bwRP4NXD/8NB/g
kZQVHdgXwB9euK6OcyU3M0PRnU5LxyYikPndxFFZPW99L+AqPaMQmxyR8+ufwk/B
ILv2plY+HJyPmS8I+Hzt8SkRcfwWvGs3M6mzOjcAL6ye3LLzruM6R1w7Yv/zMm0L
ruvezszxa3bwihJP02/W5nHLNj74nkg4GaSuzPmWg/xS7H54aCgwiAAQDK9Nj7KB
DMy3Fbn5WL6hmnA1bkx8gT0u1Jkl2s/wkOHjtnp+wUNjtLwpNOa35KaB0/cUivjm
5XYT5FPZjUqkjvIQMmV6W93MLq4oC7puVr7/KQoYajE1p8ADFFkFWYMn0lgCE6pL
aO2lvyXQzCLUS3HktSA2Lxcct/VttZlQ2sobY8D+ZtLDTkJ+YMd+8c73msXvym6d
EPefuObbTnlbZRQefDRFHTYUAP3sBwFvcQ5hcpzy9VVQEzv7QUPCjmS0Z2V/+2fk
BqAOdeIvhud1F/7f3Q4Hq5SFYFRU1YFzN/7K7QUFaZSXW1YE1mR6Rx4eG2bGBBl5
m9brjyJthZeNeXKhqof5wyTrMG4jTsIS/AQIT8vTonTzoFGp4UIXJDZo3denxopE
KFzwzb0BNg+SZKLd9PIV7174NB7G26+6P+WuNI3TD5ULEuAM9rc=
=IQbK
-----END PGP SIGNATURE-----
News for package frr
