Accepted quagga 0.99.2-1ubuntu3 (source)
Martin Pitt
martin.pitt at ubuntu.com
Mon May 15 14:10:07 BST 2006
Accepted:
OK: quagga_0.99.2-1ubuntu3.dsc
-> Component: main Section: net
OK: quagga_0.99.2-1ubuntu3.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 15 May 2006 14:54:38 +0200
Source: quagga
Binary: quagga quagga-doc
Architecture: source
Version: 0.99.2-1ubuntu3
Distribution: dapper
Urgency: low
Maintainer: Christian Hammers <ch at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
quagga - unoff. successor of the Zebra BGP/OSPF/RIP routing daemon
quagga-doc - documentation files for quagga
Changes:
quagga (0.99.2-1ubuntu3) dapper; urgency=low
.
* SECURITY UPDATE: Remote route injection, authentication bypass, remote
DoS.
* Add debian/patches/81_ripv1_injection.dpatch:
- When RIPv2 authentication is required, disable RIPv1 or require
authentication as well (remote attackers could get routing information
by sending RIPv1 requests). [CVE-2006-2223]
- Enforce RIPv2 authentication requirements (remote attackers could
modify routing state via RIPv1 RESPONSE packets). [CVE-2006-2224]
- Patch taken from CVS head, see
http://bugzilla.quagga.net/show_bug.cgi?id=262
* Add debian/patches/82_sh_ip_bgp_loop.dpatch:
- Fix infinite loop with special invalid 'sh ip bgp' command.
[CVE-2006-2276]
- Patch ported from 0.99.4.
Files:
7d0df81e246c0897994dc358aa9a5707 760 net optional quagga_0.99.2-1ubuntu3.dsc
5e6017ab60b5ba641500b3f0b084585e 30516 net optional quagga_0.99.2-1ubuntu3.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEaHpkDecnbV4Fd/IRAgVLAKDwYt2ipcKTcl/mzUmB9C88USTe+ACg6c1C
RN+1BFXgo5kD1u8eEfm3IXA=
=ObVA
-----END PGP SIGNATURE-----
More information about the dapper-changes
mailing list