[Bug 625740] [NEW] Sync quagga 0.99.17-1 (main) from Debian unstable (main)
Michael Bienia
michael at bienia.de
Sat Aug 28 10:20:24 BST 2010
Public bug reported:
Please sync quagga 0.99.17-1 (main) from Debian unstable (main)
A look at the upstream changelog
(http://www.quagga.net/download/quagga-0.99.17.changelog.txt)
shows no changes that would need a FFe. A look at the diffstat
of the debdiff shows also no huge changes to the source (except
generated files like configure and .in files).
Changelog entries since current maverick version 0.99.16-1:
quagga (0.99.17-1) unstable; urgency=high
* SECURITY:
"This release provides two important bugfixes, which address remote crash
possibility in bgpd discovered by CROSS team.":
1. Stack buffer overflow by processing certain Route-Refresh messages
CVE-2010-2948
2. DoS (crash) while processing certain BGP update AS path messages
CVE-2010-2949
Closes: #594262
-- Christian Hammers <ch at debian.org> Wed, 25 Aug 2010 00:52:48 +0200
** Affects: quagga (Ubuntu)
Importance: Wishlist
Status: New
** Changed in: quagga (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: quagga (Ubuntu)
Status: New => Confirmed
** Changed in: quagga (Ubuntu)
Status: Confirmed => New
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2948
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2949
--
Sync quagga 0.99.17-1 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/625740
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list