[Bug 1589315] [NEW] Sync quagga 1.0.20160315-1 (main) from Debian unstable (main)
Launchpad Bug Tracker
1589315 at bugs.launchpad.net
Sun Jun 5 23:15:40 UTC 2016
You have been subscribed to a public bug by Logan Rosen (logan):
Please sync quagga 1.0.20160315-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service or arbitrary code execution via
Labeled-VPN SAFI and crafted packet
- debian/patches/CVE-2016-2342.patch: sanity check lengths in
bgpd/bgp_mplsvpn.c.
- CVE-2016-2342
Done in Debian.
Changelog entries since current yakkety version 0.99.24.1-2ubuntu1:
quagga (1.0.20160315-1) unstable; urgency=high
* SECURITY:
CVE-2016-2342: VPNv4 NLRI parses memcpys to stack on unchecked length
(Closes: #819179)
* New upstream release
* babeld has been removed from the Quagga upstream project.
There is a implementation available in the Debian "babeld" package.
* Removed no longer recognized configure options: --enable-ospf-te,
--enable-opaque-lsa and --enable-ipv6
* Removed configure options that are now default: --enable-pimd and
--enable-vtysh
-- Christian Brunotte <ch at debian.org> Wed, 30 Mar 2016 23:34:33 +0200
** Affects: quagga (Ubuntu)
Importance: Wishlist
Status: New
--
Sync quagga 1.0.20160315-1 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1589315
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list