Ubuntu
quagga package

Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid-security/quagga bug 2 Mature 2012-05-15 12:49:28 UTC
26. * SECURITY UPDATE: Update to 0.99.20....

Author: Marc Deslauriers
Revision Date: 2012-05-05 19:21:02 UTC

* SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues.
  (LP: #994169)
  - Denial of service via short Link State Update packet
  - Denial of service via short network-LSA link-state advertisement
  - Denial of service via malformed Four-octet AS Number Capability
  - CVE-2012-0249
  - CVE-2012-0250
  - CVE-2012-0255
* debian/control, debian/rules: Remove quagga-dbg package for Lucid.
* debian/rules: don't use autotools_dev for Lucid.
* debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
  added fix for a bgpd memory leak related to extra attributes. Thanks to
  Debian for the regression fix.
lp:ubuntu/lucid-updates/quagga 2 Mature 2011-10-07 12:38:37 UTC
25. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2011-10-07 12:38:37 UTC

* SECURITY UPDATE: arbitrary code execution via malformed Inter Area
  Prefix LSA
  - debian/patches/99_CVE-2011-3323.dpatch: check lengths in
    ospf6d/{ospf6_abr.h,ospf6_asbr.h,ospf6_intra.h,ospf6_lsa.h,
    ospf6_message.c,ospf6_message.h,ospf6_proto.h}
  - CVE-2011-3323
* SECURITY UPDATE: denial of sevice via crafted Link-State-Advertisement
  - debian/patches/99_CVE-2011-3324.dpatch: change assert to warning in
    ospf6d/ospf6_lsa.c.
  - CVE-2011-3324
* SECURITY UPDATE: denial of service via crafted Hello packet
  - debian/patches/99_CVE-2011-3325.dpatch: add extra checks to
    ospfd/ospf_packet.c.
  - CVE-2011-3325
* SECURITY UPDATE: denial of service via unknown Link-State-Advertisements
  types
  - debian/patches/99_CVE-2011-3326.dpatch: exit if LSA type is unknown
    in ospfd/ospf_flood.c.
  - CVE-2011-3326
* SECURITY UPDATE: arbitrary code execution via Extended Communities path
  attribute
  - debian/patches/99_CVE-2011-3327.dpatch: properly check size in
    bgpd/bgp_ecommunity.c.
  - CVE-2011-3327
lp:ubuntu/lucid/quagga 1 Development 2009-10-30 15:25:39 UTC
22. * New upstream release "This fixes ...

Author: Christian Hammers
Revision Date: 2009-09-13 18:12:06 UTC

* New upstream release
  "This fixes some annoying little ospfd and ospf6d regressions, which made
  0.99.14 a bit of a problem release (...) This release still contains a
  regression in the "no ip address ..." command, at least on Linux.
  See bug #486, which contains a workaround patch. This release should be
  considered a 1.0.0 release candidate. Please test this release as widely
  as possible."
* Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst).
  Closes: #517860
* Added Russian Debconf tanslation (thanks to Yuri Kozlov).
  Closes: #539464
* Removed so-version in build-dep to libreadline-dev on request of
  Matthias Klose.
* Added README.source with reference to dpatch as suggested by lintian.
* Bumped standards versionto 3.8.3.
13 of 3 results FirstPreviousNextLast