Bug#1036061: frr: CVE-2023-31489

2023-06-13 Thread David Lamparter
Fixed upstream in 9f1ba873637fd6ce4a2d366eafcf41402775852b for 8.4, pending pick-up together with fix for #1036062 / CVE-2023-31490. (Would bump to upstream 8.4.4 if that's acceptable?) -equi

Bug#1036062: frr: CVE-2023-31490

2023-06-13 Thread David Lamparter
Fixed upstream in 9f1ba873637fd6ce4a2d366eafcf41402775852b on stable/8.4 branch. Debian fix incoming with bump to 8.4.4 if that's OK? That wouldn't be a targeted security fix, but FRR minor versions are bugfix-only. -equi

Bug#1036062: frr: CVE-2023-31490

2023-06-13 Thread David Lamparter
Argh, wrong bug, previous mail was for 1036061.

On Tue, Jun 13, 2023 at 03:17:52PM +0200, David Lamparter wrote:
> Fixed upstream in 9f1ba873637fd6ce4a2d366eafcf41402775852b on stable/8.4
> branch.

CVE-2023-31489 / 1036062 was fixed upstream on master but not backported to 8.4 yet; now p

Bug#1035829: frr: CVE-2022-43681 CVE-2022-40318 CVE-2022-40302

2023-06-13 Thread David Lamparter
notfound 1035829 frr/8.4.2-1
stop

On Tue, May 09, 2023 at 09:19:30PM +0200, Moritz Mühlenhoff wrote:
> CVE-2022-43681[0]:
> CVE-2022-40318[1]:
> CVE-2022-40302[2]:

All 3 issues are fixed/not present in 8.4 and thus also 8.4.2-1:
- CVE-2022-43681 - 6c4ca9812976596bf8b5226600269fc4031f1422 -

Bug#946217: CVE-2019-19333 & CVE-2019-19334 in libyang

2019-12-05 Thread David Lamparter
Package: libyang0.16
Version: 0.16.105-1
Tags: security
Severity: grave

This is a security issue tracking bug for CVEs:
- CVE-2019-19333
- CVE-2019-19334

Both issues are bugs in processing YANG models and may affect users loading or validating untrusted YANG models. This is a relatively rare

Bug#944392: frr: /usr/share/man/man8/vrrpd.8.gz is already shipped by vrrpd

2019-11-09 Thread David Lamparter
On Sat, Nov 09, 2019 at 03:33:05AM +0100, Andreas Beckmann wrote:
> Package: frr
> Version: 7.2-1
> Severity: serious
>
> during a test with piuparts I noticed your package failed to install
> because it tries to overwrite other packages files. [...]
> dpkg: error processing archive
>

Bug#921376: frr: missing Breaks+Replaces

2019-02-04 Thread David Lamparter
Hi Andreas, I've added Conflicts: lines, as that seemed to be the most conservative option to me. ("Replaces: quagga" is a 'layer 9' discussion that I think it's a bit early to have at this point.) If you have any comments/opinions/input, I'd appreciate that. Diff is at:

Bug#921376: frr: missing Breaks+Replaces

2019-02-04 Thread David Lamparter
Hi Andreas,

Thanks for the report!

On Mon, Feb 04, 2019 at 07:26:59PM +0100, Andreas Beckmann wrote:
> if I understood the changelog entry correctly, frr is a successor to
> quagga. There are a lot of Breaks+Replaces missing for taking over files
> owned by quagga-*:

FRR is indeed a (the?)

Bug#921349: frr: build dependency problems

2019-02-04 Thread David Lamparter
Hi Adrian,

On Mon, Feb 04, 2019 at 04:11:45PM +0200, Adrian Bunk wrote:
> There are two bugs:
> 1. build depending on the shared library package is
>    usually a bug, the -dev should pull in everything
> 2. the unstable buildds only consider the first alternative

Thanks for the report! Fix is