Your message dated Thu, 26 Mar 2026 19:18:56 +0000
with message-id <[email protected]>
and subject line Bug#1131115: fixed in gobgp 4.3.0-1
has caused the Debian Bug report #1131115,
regarding gobgp: CVE-2026-30405
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1131115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131115
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gobgp
Version: 3.36.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/osrg/gobgp/issues/3305
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gobgp.
CVE-2026-30405[0]:
| An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a
| denial of service via the NEXT_HOP path attribute
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-30405
    https://www.cve.org/CVERecord?id=CVE-2026-30405
[1] https://github.com/osrg/gobgp/issues/3305
[2] https://github.com/osrg/gobgp/commit/f12b8fbb84f9e1a58dca932ccf0b005039f3cfb5
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gobgp
Source-Version: 4.3.0-1
Done: Mathias Gibbens <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gobgp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathias Gibbens <[email protected]> (supplier of updated gobgp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Mar 2026 18:48:40 +0000
Source: gobgp
Architecture: source
Version: 4.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Mathias Gibbens <[email protected]>
Closes: 1109300 1131115
Changes:
 gobgp (4.3.0-1) unstable; urgency=medium
 .
   * New upstream release:
     - Includes fixes for the following security issues:
       * CVE-2025-7464 (Closes: #1109300)
       * CVE-2026-30405 (Closes: #1131115)
     - Drop d/p/0001-grpc-1.32-compat.patch
   * d/control:
     - Update Standards-Version to 4.7.3, drop Priority field
     - Update Build-Depends and Depends
     - Update Breaks for incus
     - Drop redundant Rules-Requires-Root
   * Update proto generation in d/rules
   * Update years in d/copyright
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---