Your message dated Tue, 16 Oct 2007 19:56:51 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#442133: fixed in quagga 0.98.3-7.5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: quagga
Version: 0.99.8-1
Severity: serious
Tags: security
Hi,
a CVE has been issued against quagga.
CVE-2007-4826[0]:
bgpd in Quagga before 0.99.9 allows remote BGP peers to
cause a denial of service (crash) via a malformed (1) OPEN
message or (2) COMMUNITY attribute
Please include the CVE id in the changelog if you fix the
bug.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 0.98.3-7.5
We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:
quagga-doc_0.98.3-7.5_all.deb
to pool/main/q/quagga/quagga-doc_0.98.3-7.5_all.deb
quagga_0.98.3-7.5.diff.gz
to pool/main/q/quagga/quagga_0.98.3-7.5.diff.gz
quagga_0.98.3-7.5.dsc
to pool/main/q/quagga/quagga_0.98.3-7.5.dsc
quagga_0.98.3-7.5_i386.deb
to pool/main/q/quagga/quagga_0.98.3-7.5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated quagga package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Sep 2007 23:54:28 +0200
Source: quagga
Binary: quagga quagga-doc
Architecture: source i386 all
Version: 0.98.3-7.5
Distribution: oldstable-security
Urgency: high
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: Christian Hammers <[EMAIL PROTECTED]>
Description:
quagga - unoff. successor of the Zebra BGP/OSPF/RIP routing daemon
quagga-doc - documentation files for quagga
Closes: 442133
Changes:
quagga (0.98.3-7.5) oldstable-security; urgency=high
.
* SECURITY:
A bgpd could be crashed if a peer sent a malformed OPEN message or a
malformed COMMUNITY attribute. Only configured peers can do this.
The bug is fixed by 96_SECURITY_ubuntu_fix_dos_malformed_community.dpatch.
CVE-2007-4826. Closes: 442133
Files:
69dc4e5de4de00ec723ecaad6f285af8 1017 net optional quagga_0.98.3-7.5.dsc
8bfd06c851172358137d7b67d5f90490 43910 net optional quagga_0.98.3-7.5.diff.gz
4f150df3d0d7c1b26d648590ac02541a 488996 net optional quagga-doc_0.98.3-7.5_all.deb
e3057ed965a580381e7c15dc430df295 1192432 net optional quagga_0.98.3-7.5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---