Your message dated Thu, 28 Nov 2013 22:17:15 +0000
with message-id <e1vm9tb-0001xs...@franck.debian.org>
and subject line Bug#726724: fixed in quagga 0.99.21-4+wheezy2
has caused the Debian Bug report #726724,
regarding quagga: CVE-2013-2236
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
726724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: quagga
Severity: grave
Tags: security patch
Justification: user security hole

Hi Christian,
this was assigned CVE-2013-2236 some time ago, but apparently there was never a bug filed for it:
http://lists.quagga.net/pipermail/quagga-dev/2013-July/010621.html

Fixed in 0.99.22.3:
http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 0.99.21-4+wheezy2

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <c...@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Oct 2013 23:38:09 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.21-4+wheezy2
Distribution: stable-security
Urgency: high
Maintainer: Christian Hammers <c...@debian.org>
Changed-By: Christian Hammers <c...@debian.org>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 726724
Changes: 
 quagga (0.99.21-4+wheezy2) stable-security; urgency=high
 .
   * Applied a patch that fixes the following security issue:
     "ospfd: CVE-2013-2236, stack overrun in apiserver
 .
     the OSPF API-server (exporting the LSDB and allowing announcement of
     Opaque-LSAs) writes past the end of fixed on-stack buffers.  This leads
     to an exploitable stack overflow.
 .
     For this condition to occur, the following two conditions must be true:
     - Quagga is configured with --enable-opaque-lsa
     - ospfd is started with the "-a" command line option"
     Closes: #726724

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJtpdQACgkQkR9K5oahGOYJYgCeIeeSFpX8W+x7zGKt2dkwlpRq
g5IAoKMwBYe5dLDg+10irbW7LxcR94lK
=EYMr
-----END PGP SIGNATURE-----

--- End Message ---
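A host-side check for the two runtime facts the changelog names (a package older than 0.99.21-4+wheezy2, and ospfd started with "-a"), added here as an example and not part of the Debian messages. The ospfd option letters and the use of `ps -C ospfd` are assumptions about the daemon's getopt string and the host's tooling; the build-time --enable-opaque-lsa condition is not checked.

```shell
#!/bin/sh
# Added example: triage a Debian host for CVE-2013-2236 exposure.
FIXED_VERSION='0.99.21-4+wheezy2'   # fixed wheezy version, from the message above

# Return 0 if an ospfd argument string enables the API server.
# Assumption: ospfd parses "df:i:z:hA:P:u:g:avC" with getopt_long and
# --apiserver is the long form of -a.
ospfd_api_enabled() {
    skip=0
    for arg in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $arg in
            --)  return 1 ;;                    # end of options
            --*) case apiserver in              # getopt_long accepts prefixes
                     "${arg#--}"*) return 0 ;;
                 esac ;;
            -?*) rest=${arg#-}
                 while [ -n "$rest" ]; do
                     c=${rest%"${rest#?}"}      # first letter of the cluster
                     rest=${rest#?}
                     case $c in
                         a) return 0 ;;
                         f|i|z|A|P|u|g)         # letter takes a value
                             if [ -z "$rest" ]; then skip=1; fi
                             rest='' ;;         # rest of the word is the value
                     esac
                 done ;;
        esac
    done
    return 1
}

# Return 0 if the given package version predates the fix (needs dpkg).
quagga_is_unfixed() {
    dpkg --compare-versions "$1" lt "$FIXED_VERSION"
}

# On a dpkg host, combine both checks against the running daemon.
if command -v dpkg-query >/dev/null 2>&1; then
    ver=$(dpkg-query -W -f='${Version}' quagga 2>/dev/null) || ver=''
    opts=$(ps -C ospfd -o args= 2>/dev/null) || opts=''
    if [ -n "$ver" ] && quagga_is_unfixed "$ver" && ospfd_api_enabled "$opts"; then
        echo "EXPOSED: quagga $ver with ospfd -a; upgrade to $FIXED_VERSION"
    else
        echo "not exposed by these two checks (quagga ${ver:-not installed})"
    fi
fi
```

The process check only sees a running ospfd; pass the daemon's configured start-up options to `ospfd_api_enabled` as well to catch a "-a" that takes effect on the next restart.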