Your message dated Mon, 30 Mar 2026 15:48:41 +0000
with message-id <[email protected]>
and subject line Bug#1132329: fixed in frr 10.6.0-2
has caused the Debian Bug report #1132329,
regarding frr: CVE-2026-5107
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1132329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132329
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: frr
Version: 10.5.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/FRRouting/frr/pull/21098
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for frr.
CVE-2026-5107[0]:
| A vulnerability has been found in FRRouting FRR up to 10.5.1. This
| affects the function process_type2_route of the file bgpd/bgp_evpn.c
| of the component EVPN Type-2 Route Handler. The manipulation leads
| to improper access controls. The attack can be initiated remotely.
| The attack is considered to have high complexity. The exploitability
| is reported as difficult. The identifier of the patch is
| 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is
| recommended to deploy a patch.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-5107
    https://www.cve.org/CVERecord?id=CVE-2026-5107
[1] https://github.com/FRRouting/frr/pull/21098
[2] https://github.com/FRRouting/frr/commit/52c72c5ad8ccb491a9bab096002072667089d2d3
[3] https://github.com/FRRouting/frr/commit/59d4c4a0b8e265bc6bdaa775ce8c3deb4a77a8e2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: frr
Source-Version: 10.6.0-2
Done: Daniel Baumann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
frr, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <[email protected]> (supplier of updated frr package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Mar 2026 17:33:28 +0200
Source: frr
Architecture: source
Version: 10.6.0-2
Distribution: sid
Urgency: medium
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Daniel Baumann <[email protected]>
Closes: 1132329
Changes:
frr (10.6.0-2) sid; urgency=medium
.
* Adding note about CVE-2026-5107 to 10.6.0-1 changelog entries (Closes:
#1132329).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---