[quagga-users 14450] Re: [quagga-sec] Quagga CVE Released: CVE-2016-1245 (Fix in latest 1.0.20161017 release)

2016-10-18 Thread Alexis Rosen
On Oct 18, 2016, at 6:37 AM, Paul Jakma wrote:
> On Tue, 18 Oct 2016, Alexis Rosen wrote:
>> For that matter, why didn't VyOS know about this? (They do now.)
>>
>> Does Ubiquiti?
>
> Note: They may wish to subscribe to secur...@quagga.net if they're Quagga
> distributors[...]

[quagga-users 14445] Re: Quagga CVE Released: CVE-2016-1245 (Fix in latest 1.0.20161017 release)

2016-10-18 Thread Florian Weimer
* Martin Winter:
> Document Revision History:
> 1.0 22 September 2016 - Initial (internal) draft
> 1.1 18 October 2016 - CVE release version

Why didn't you coordinate the disclosure with distributions? Debian assigned a CVE ID to you in good faith, but the promised coordination never

[quagga-users 14447] BGP: unknown afi/safi

2016-10-18 Thread Sim
Hello, after upgrade from quagga-0.99.24.1 to 1.0.x (example 1.0.20161017) my "/var/log/quagga/bgpd.log" logs these:

2016/10/18 11:18:32 debugging: BGP: unknown afi/safi (0/0)
2016/10/18 11:18:32 informational: BGP: x.x.x.x [Info] UPDATE with unsupported AFI/SAFI 0/0

The problem is the continuous

[quagga-users 14448] Re: [quagga-sec] Quagga CVE Released: CVE-2016-1245 (Fix in latest 1.0.20161017 release)

2016-10-18 Thread Paul Jakma
On Tue, 18 Oct 2016, Florian Weimer wrote: Why didn't you coordinate the disclosure with distributions? Debian assigned a CVE ID to you in good faith, but the promised coordination never happened. We never received the details of the vulnerability, nor the planned disclosure date. Not

[quagga-users 14451] Re: [quagga-sec] Quagga CVE Released: CVE-2016-1245 (Fix in latest 1.0.20161017 release)

2016-10-18 Thread Paul Jakma
On Tue, 18 Oct 2016, Alexis Rosen wrote: I think this is a grave error. Not so much in terms of security (though it's not great), but in community-building. It's in Quagga's best interests to expand participation as much as possible. If that means seeking out forks/distros and opening

[quagga-users 14446] Re: Quagga CVE Released: CVE-2016-1245 (Fix in latest 1.0.20161017 release)

2016-10-18 Thread Alexis Rosen
On Oct 18, 2016, at 4:09 AM, Florian Weimer wrote:
> * Martin Winter:
>
>> Document Revision History:
>> 1.0 22 September 2016 - Initial (internal) draft
>> 1.1 18 October 2016 - CVE release version
>
> Why didn't you coordinate the disclosure with distributions?
>
>

[quagga-users 14453] Quagga 1.1.0 released

2016-10-18 Thread Paul Jakma
Quagga 1.1.0 has been released, available from the usual place: https://download.savannah.gnu.org/releases/quagga/ This is a release with a number of new features, and many bug fixes. Notably: * Greatly improved nexthop resolution for

[quagga-users 14452] Re: Quagga CVE Released: CVE-2016-1245 (Fix in latest 1.0.20161017 release)

2016-10-18 Thread Martin Winter
So for the complaints on not getting heads-up notification for some Distros: Sorry. We had some miscommunication on the Quagga-Security list on how to get this released. I wanted to give all the proper heads-up notifications. This email is mainly a followup after Paul sent the release

[quagga-users 14454] Re: Issues with Routes in FreeBSD / PfSense New to Release 1.0

2016-10-18 Thread Reqlez Guy
Sorry, it seems I'm a lists noob and didn't realize this stuff was not going into list... I'm assuming that I should be emailing the list only? And not Martin or anybody else? I CCed Martin just in case. So as per Martin, he thinks what is triggering the issue is the use of -9 to terminate