On Oct 18, 2016, at 6:37 AM, Paul Jakma wrote:
> On Tue, 18 Oct 2016, Alexis Rosen wrote:
>> For that matter, why didn't VyOS know about this? (They do now.)
>>
>> Does Ubiquiti?
>
> Note: They may wish to subscribe to secur...@quagga.net if they're Quagga
> distributors[...]
* Martin Winter:
> Document Revision History:
> 1.0 22 September 2016 - Initial (internal) draft
> 1.1 18 October 2016 - CVE release version
Why didn't you coordinate the disclosure with distributions?
Debian assigned a CVE ID to you in good faith, but the promised
coordination never
Hello,
after upgrade from quagga-0.99.24.1 to 1.0.x (example 1.0.20161017) my
"/var/log/quagga/bgpd.log" log these:
2016/10/18 11:18:32 debugging: BGP: unknown afi/safi (0/0)
2016/10/18 11:18:32 informational: BGP: x.x.x.x [Info] UPDATE with
unsupported AFI/SAFI 0/0
The problem is the continuous
On Tue, 18 Oct 2016, Florian Weimer wrote:
Why didn't you coordinate the disclosure with distributions?
Debian assigned a CVE ID to you in good faith, but the promised
coordination never happened. We never received the details of the
vulnerability, nor the planned disclosure date.
Not
On Tue, 18 Oct 2016, Alexis Rosen wrote:
I think this is a grave error. Not so much in terms of security
(though it's not great), but in community-building. It's in Quagga's
best interests to expand participation as much as possible. If that
means seeking out forks/distros and opening
On Oct 18, 2016, at 4:09 AM, Florian Weimer wrote:
> * Martin Winter:
>
>> Document Revision History:
>> 1.0 22 September 2016 - Initial (internal) draft
>> 1.1 18 October 2016 - CVE release version
>
> Why didn't you coordinate the disclosure with distributions?
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Quagga 1.1.0 has been released, available from the usual place:
https://download.savannah.gnu.org/releases/quagga/
This is a release with a number of new features, and many bug fixes.
Notably:
* Greatly improved nexthop resolution for
So for the complains on not getting heads-up notification for some Distros:
Sorry.
We had some mis-communication on the Quagga-Security list on how to get
this released.
I wanted to give all the proper heads-up notifications.
This email is mainly a followup after Paul sent the release
Sorry it seems I'm a lists noob and didnt realize this stuff was not going into
list... i'm assuming that i should be emailing the list only ? and not Martin
or anybody else ? I CCed Martin just in case.
So as per Martin, he thinks what is triggering the issue is the use of -9 to
terminate