-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 24 Oct 2013 22:58:37 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.22.4-1
Distribution: unstable
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description:
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 726724
Changes:
 quagga (0.99.22.4-1) unstable; urgency=high
 .
   * SECURITY:
     "ospfd: CVE-2013-2236, stack overrun in apiserver
 .
     the OSPF API-server (exporting the LSDB and allowing announcement of
     Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads
     to an exploitable stack overflow.
 .
     For this condition to occur, the following two conditions must be true:
     - Quagga is configured with --enable-opaque-lsa
     - ospfd is started with the "-a" command line option
 .
     If either of these does not hold, the relevant code is not executed and
     the issue does not get triggered."
     Closes: #726724
 .
   * New upstream release
     - ospfd: protect vs.
       VU#229804 (malformed Router-LSA)
       (Quagga is said to be non-vulnerable but still adds some protection)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJtk/EACgkQkR9K5oahGObTYwCfVQYzR2TBhXVwGYLINHjO72IK
Q/AAn0Tx+wG4tOZNl/Jv5o5U7A2rGDoM
=hqGQ
-----END PGP SIGNATURE-----