Hello community,

here is the log from the commit of package bird for openSUSE:Factory checked in at 2019-09-20 14:53:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bird (Old)
 and      /work/SRC/openSUSE:Factory/.bird.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bird" Fri Sep 20 14:53:45 2019 rev:4 rq:731869 version:1.6.8 Changes: -------- --- /work/SRC/openSUSE:Factory/bird/bird.changes 2019-03-04 09:22:36.444576881 +0100 +++ /work/SRC/openSUSE:Factory/.bird.new.7948/bird.changes 2019-09-20 14:53:50.674874871 +0200 @@ -1,0 +2,16 @@ +Wed Sep 18 19:14:22 UTC 2019 - Martin Hauke <[email protected]> + +- Update to version 1.6.8 + * Fix CVE-2019-16159: + BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through + 2.0.5 has a stack-based buffer overflow. The BGP daemon's + support for RFC 8203 administrative shutdown communication + messages included an incorrect logical expression when checking + the validity of an input message. Sending a shutdown + communication with a sufficient message length causes a four-byte + overflow to occur while processing the message, where two of the + overflow bytes are attacker-controlled and two are fixed. + * Several important bugfixes + * BFD: Support for VRFs + +------------------------------------------------------------------- Old: ---- bird-1.6.6.tar.gz New: ---- bird-1.6.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bird.spec ++++++ --- /var/tmp/diff_new_pack.a9MZgy/_old 2019-09-20 14:53:51.562874694 +0200 +++ /var/tmp/diff_new_pack.a9MZgy/_new 2019-09-20 14:53:51.566874693 +0200 @@ -21,7 +21,7 @@ %define bird_home %{_localstatedir}/lib/bird %define bird_runtimedir %{_rundir}/%{name} Name: bird -Version: 1.6.6 +Version: 1.6.8 Release: 0 Summary: The BIRD Internet Routing Daemon License: GPL-2.0-or-later ++++++ bird-1.6.6.tar.gz -> bird-1.6.8.tar.gz ++++++ ++++ 1904 lines of diff (skipped)
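Review bot: in the bird.changes hunk, the CVE-2019-16159 item has no Bugzilla reference (bsc#/boo#) next to the CVE id, and "Several important bugfixes" does not say which fixes are meant. Add the tracking bug number for the security fix and name the notable bugfixes, so the entry can be audited without opening the upstream release notes.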
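Review bot: in the bird.spec hunk, Version goes from 1.6.6 straight to 1.6.8, while the changelog entry only describes 1.6.8, so whatever came with 1.6.7 is undocumented. The tarball diff is skipped (1904 lines), which means the corrected message-length check cannot be confirmed from this mail; state in the entry that 1.6.7 is included and summarise its changes as well.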
