Source: quagga Version: 1.1.1-1 Severity: serious Tags: security upstream fixed-upstream Justification: security update done via DSA-4115-1; regression from stable
Hi, the following vulnerabilities were published for quagga. CVE-2018-5378[0]: invalid attr length sends NOTIFY with data overrun CVE-2018-5379[1]: Fix double free of unknown attribute CVE-2018-5380[2]: debug print of received NOTIFY data can over-read msg array CVE-2018-5381[3]: fix infinite loop on certain invalid OPEN messages See [4] for the announcement. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5378 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5378 [1] https://security-tracker.debian.org/tracker/CVE-2018-5379 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5379 [2] https://security-tracker.debian.org/tracker/CVE-2018-5380 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5380 [3] https://security-tracker.debian.org/tracker/CVE-2018-5381 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5381 [4] https://savannah.nongnu.org/forum/forum.php?forum_id=9095 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
