[Bug 625740] [NEW] Sync quagga 0.99.17-1 (main) from Debian unstable (main)

Michael Bienia michael at bienia.de
Sat Aug 28 10:20:24 BST 2010 

Public bug reported:

Please sync quagga 0.99.17-1 (main) from Debian unstable (main)

A look at the upstream changelog
(http://www.quagga.net/download/quagga-0.99.17.changelog.txt)
shows no changes that would need a FFe. A look at the diffstat
of the debdiff shows also no huge changes to the source (except
generated files like configure and .in files).

Changelog entries since current maverick version 0.99.16-1:

quagga (0.99.17-1) unstable; urgency=high

  * SECURITY:
    "This release provides two important bugfixes, which address remote crash
    possibility in bgpd discovered by CROSS team.":
    1. Stack buffer overflow by processing certain Route-Refresh messages
       CVE-2010-2948
    2. DoS (crash) while processing certain BGP update AS path messages
       CVE-2010-2949
    Closes: #594262

 -- Christian Hammers <ch at debian.org>  Wed, 25 Aug 2010 00:52:48 +0200

** Affects: quagga (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: quagga (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: quagga (Ubuntu)
       Status: New => Confirmed

** Changed in: quagga (Ubuntu)
       Status: Confirmed => New

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2948

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2949

-- 
Sync quagga 0.99.17-1 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/625740
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.

Status in “quagga” package in Ubuntu: New

Bug description:
Please sync quagga 0.99.17-1 (main) from Debian unstable (main)

A look at the upstream changelog
(http://www.quagga.net/download/quagga-0.99.17.changelog.txt)
shows no changes that would need a FFe. A look at the diffstat
of the debdiff shows also no huge changes to the source (except
generated files like configure and .in files).

Changelog entries since current maverick version 0.99.16-1:

quagga (0.99.17-1) unstable; urgency=high

  * SECURITY:
    "This release provides two important bugfixes, which address remote crash
    possibility in bgpd discovered by CROSS team.":
    1. Stack buffer overflow by processing certain Route-Refresh messages
       CVE-2010-2948
    2. DoS (crash) while processing certain BGP update AS path messages
       CVE-2010-2949
    Closes: #594262

 -- Christian Hammers <ch at debian.org>  Wed, 25 Aug 2010 00:52:48 +0200

More information about the Ubuntu-sponsors mailing list