Your message dated Tue, 16 Oct 2007 19:56:38 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#442133: fixed in quagga 0.99.5-5etch3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: quagga
Version: 0.99.8-1
Severity: serious
Tags: security
Hi,
a CVE has been issued against quagga.
CVE-2007-4826[0]:
bgpd in Quagga before 0.99.9 allows remote BGP peers to
cause a denial of service (crash) via a malformed (1) OPEN
message or (2) COMMUNITY attribute
Please include the CVE id in the changelog if you fix the
bug.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp0JzLjjh0HB.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 0.99.5-5etch3
We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:
quagga-doc_0.99.5-5etch3_all.deb
to pool/main/q/quagga/quagga-doc_0.99.5-5etch3_all.deb
quagga_0.99.5-5etch3.diff.gz
to pool/main/q/quagga/quagga_0.99.5-5etch3.diff.gz
quagga_0.99.5-5etch3.dsc
to pool/main/q/quagga/quagga_0.99.5-5etch3.dsc
quagga_0.99.5-5etch3_amd64.deb
to pool/main/q/quagga/quagga_0.99.5-5etch3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated quagga package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Sep 2007 22:10:42 +0200
Source: quagga
Binary: quagga quagga-doc
Architecture: source amd64 all
Version: 0.99.5-5etch3
Distribution: stable-security
Urgency: high
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: Christian Hammers <[EMAIL PROTECTED]>
Description:
quagga - unoff. successor of the Zebra BGP/OSPF/RIP routing daemon
quagga-doc - documentation files for quagga
Closes: 442133
Changes:
quagga (0.99.5-5etch3) stable-security; urgency=high
.
* SECURITY:
A bgpd could be crashed if a peer sent a malformed OPEN message or a
malformed COMMUNITY attribute. Only configured peers can do this.
The bug is fixed by 96_SECURITY_ubuntu_fix_dos_malformed_community.dpatch.
CVE-2007-4826. Closes: 442133
Files:
3a36e812322157de715626cbe04c519f 1046 net optional quagga_0.99.5-5etch3.dsc
0de3c5021dbed0e4739f88b6f00a9c59 33551 net optional
quagga_0.99.5-5etch3.diff.gz
2bafee611f8a75fedc07be2224f90922 720288 net optional
quagga-doc_0.99.5-5etch3_all.deb
00846f88e7df3db61001d54fd5647d23 1414716 net optional
quagga_0.99.5-5etch3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRvn0tr97/wQC1SS+AQKLCwf+IMIUju1U9dp7Wrzdzz5Q9QjRH5NYZUIj
WU6K+CluBKhhcvnpTWs+5Qu7pEJfLIgvRHRFq6zlhw24gbExvo49Tv8LwXppzmPM
9ZzVfN55SGtq4LVRXMab/rI3oiTmBmjMaIyLMLr2Ov+l8wS+huaxche0jW8xITY2
Kg4uY8wwZTScbuDtpQT2BV9Kbhd1d1aKamaoziFyGd8o8wEPgfUacgC/684S9Wv4
p9fjIZY3crjXuYhjGrX/ba9SgutVll4KojxjnBoEbXn5N5PJCUaabj1r1zIQ+zB5
juNr8ZCUQRmKICuZ/kQFL3rC5D+3bzCAWOyciFg44w4kowHERdLq9g==
=yj9B
-----END PGP SIGNATURE-----
--- End Message ---
