-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 27 Oct 2013 23:38:09 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.21-4+wheezy2
Distribution: stable-security
Urgency: high
Maintainer: Christian Hammers <c...@debian.org>
Changed-By: Christian Hammers <c...@debian.org>
Description:
quagga - BGP/OSPF/RIP routing daemon
quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
quagga-doc - documentation files for quagga
Closes: 726724
Changes:
quagga (0.99.21-4+wheezy2) stable-security; urgency=high
.
* Applied a patch that fixes the following security issue:
"ospfd: CVE-2013-2236, stack overrun in apiserver
.
the OSPF API-server (exporting the LSDB and allowing announcement of
Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads
to an exploitable stack overflow.
.
For this condition to occur, the following two conditions must be true:
- Quagga is configured with --enable-opaque-lsa
- ospfd is started with the "-a" command line option"
Closes: #726724
Checksums-Sha1:
188a7da259524df009ab80c68880317162249791 1466 quagga_0.99.21-4+wheezy2.dsc
710a260168cb4c4334bed7848e91bffa1fdc9954 1572264 quagga_0.99.21.orig.tar.xz
3b7385cf5687156595974d9677728beb64a25256 42328
quagga_0.99.21-4+wheezy2.debian.tar.gz
982ac76a19923a789e1a5a5cc6b8b3b3e523c107 1708106
quagga_0.99.21-4+wheezy2_amd64.deb
28147cc20c305df6d1e98d62259a46224d94d07f 2500286
quagga-dbg_0.99.21-4+wheezy2_amd64.deb
feac493efd9547fa54f0261ca49fd5a751840679 645500
quagga-doc_0.99.21-4+wheezy2_all.deb
Checksums-Sha256:
9337068f842dd6e7ce337470f059dc5cbef8c04d2d89897a3f2c77552d6d14ae 1466
quagga_0.99.21-4+wheezy2.dsc
87329c3d9d4e5c0a74812e725026560c477f610eec9771e67baf513da0357246 1572264
quagga_0.99.21.orig.tar.xz
12581ed6a72caa7161e0211a9320d61bb76303b5e5b1f38334f7ee316b32713e 42328
quagga_0.99.21-4+wheezy2.debian.tar.gz
f91d501905c55b0bb76f1014fc7c00b2105c6ef4cefddf5b832da1e8ac8d117e 1708106
quagga_0.99.21-4+wheezy2_amd64.deb
a8a01f72266b4a9806dbe82a6e6d2c7f9be6f565c9d9cd9d157a7db84023bad2 2500286
quagga-dbg_0.99.21-4+wheezy2_amd64.deb
599940ad41a252d5e9ea0813dde56c69774b8b0608bcc49e77471288a37374cc 645500
quagga-doc_0.99.21-4+wheezy2_all.deb
Files:
9b647ddc35a44d440b5c06f4ce5354f0 1466 net optional quagga_0.99.21-4+wheezy2.dsc
0980758b1865b9aa0c60975120bf3453 1572264 net optional
quagga_0.99.21.orig.tar.xz
f4498a6cf1ffc9e1d28c7bf56000fa14 42328 net optional
quagga_0.99.21-4+wheezy2.debian.tar.gz
645941fa3c68ed0c0caf4284e1d6529a 1708106 net optional
quagga_0.99.21-4+wheezy2_amd64.deb
7a94b603bb7c383150314058472d5975 2500286 debug extra
quagga-dbg_0.99.21-4+wheezy2_amd64.deb
249844cbd169fb745338dffc5b63613d 645500 net optional
quagga-doc_0.99.21-4+wheezy2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iEYEARECAAYFAlJtpdQACgkQkR9K5oahGOYJYgCeIeeSFpX8W+x7zGKt2dkwlpRq
g5IAoKMwBYe5dLDg+10irbW7LxcR94lK
=EYMr
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1vm9tb-0001xn...@franck.debian.org
