-
quagga (1.2.4-1) unstable; urgency=medium
* New maintainer (Closes: #884919)
* New upstream release (Closes: #890563)
- Fixes CVE-2018-5278
- Fixes CVE-2018-5279
- Fixes CVE-2018-5280
- Fixes CVE-2018-5281
-- Brett Parker <email address hidden> Sat, 17 Mar 2018 15:33:00 +0000
-
quagga (1.2.2-1ubuntu1) bionic; urgency=medium
* SECURITY UPDATE: missing bounds check on NOTIFY data
- debian/patches/Quagga-2018-0543.patch: use proper length in
bgpd/bgp_attr.c.
- CVE-2018-5378
* SECURITY UPDATE: DoS and possible code execution via double-free
- debian/patches/Quagga-2018-1114.patch: fix double-free in
bgpd/bgp_attr.c, bgpd/bgp_attr.h.
- CVE-2018-5379
* SECURITY UPDATE: code-to-string conversion table overrun
- debian/patches/Quagga-2018-1550.patch: limit size in
bgpd/bgp_debug.c.
- CVE-2018-5380
* SECURITY UPDATE: hang via invalid OPEN message
- debian/patches/Quagga-2018-1975.patch: fix infinite loop in
bgpd/bgp_packet.c.
- CVE-2018-5381
-- Marc Deslauriers <email address hidden> Wed, 07 Mar 2018 15:47:11 +0100
-
quagga (1.2.2-1) unstable; urgency=medium
* New upstream release (Closes: #879474, #857187).
* Rework patches to apply against new upstream version.
* Change zebra daemon GID to allow writing to /run/quagga (Closes: #880522).
* Change group permissions on Quagga.conf (Closes: #847106).
* Add missing build-dep on libc-ares-dev.
* Add patch for documentation fixes (Closes: #879971).
-- Scott Leggett <email address hidden> Sun, 05 Nov 2017 22:11:44 +1100
-
quagga (1.1.1-3ubuntu1) bionic; urgency=medium
* SECURITY UPDATE: DoS via BGP UPDATE messages
- debian/patches/CVE-2017-16227.patch: fix AS_PATH size calculation for
long paths in bgpd/bgp_aspath.c.
- CVE-2017-16227
-- Marc Deslauriers <email address hidden> Tue, 31 Oct 2017 14:31:17 -0400
-
quagga (1.1.1-3) unstable; urgency=medium
* Fix upgrade file conflict with old quagga packages (Closes: #859581).
-- Scott Leggett <email address hidden> Wed, 05 Apr 2017 21:41:14 +1000
