-
quagga (1.1.1-3ubuntu0.2) artful-security; urgency=medium
* SECURITY UPDATE: missing bounds check on NOTIFY data
- debian/patches/Quagga-2018-0543.patch: use proper length in
bgpd/bgp_attr.c.
- No CVE number
* SECURITY UPDATE: DoS and possible code execution via double-free
- debian/patches/Quagga-2018-1114.patch: fix double-free in
bgpd/bgp_attr.c, bgpd/bgp_attr.h.
- No CVE number
* SECURITY UPDATE: code-to-string conversion table overrun
- debian/patches/Quagga-2018-1550.patch: limit size in
bgpd/bgp_debug.c.
- No CVE number
* SECURITY UPDATE: hang via invalid OPEN message
- debian/patches/Quagga-2018-1975.patch: fix infinite loop in
bgpd/bgp_packet.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Wed, 07 Feb 2018 07:22:32 -0500
-
quagga (1.1.1-3ubuntu0.1) artful-security; urgency=medium
* SECURITY UPDATE: DoS via BGP UPDATE messages
- debian/patches/CVE-2017-16227.patch: fix AS_PATH size calculation for
long paths in bgpd/bgp_aspath.c.
- CVE-2017-16227
-- Marc Deslauriers <email address hidden> Mon, 30 Oct 2017 10:22:03 -0400
-
quagga (1.1.1-3) unstable; urgency=medium
* Fix upgrade file conflict with old quagga packages (Closes: #859581).
-- Scott Leggett <email address hidden> Wed, 05 Apr 2017 21:41:14 +1000
-
quagga (1.1.1-1) unstable; urgency=low
* SECURITY:
- New upstream bugfix release, fixes CVE-2017-5495 (Closes: #852454).
* Remove patch disabling debug print statements; fixed upstream.
* Update libquagga0.symbols for libzebra SONAME bump.
-- Scott Leggett <email address hidden> Fri, 27 Jan 2017 10:48:50 +1100
