~ahasenack/ubuntu/+source/frr:lunar-frr-merge-841

Branch merges

Propose for merging

Merged into ubuntu/+source/frr:debian/sid at revision b56bfcd32351e1ffb4c00a53a0802af05a7e5109

Sergio Durigan Junior (community): Approve on 2023-01-10

Canonical Server Reporter: Pending requested 2023-01-09

Diff: 181 lines (+123/-3)

4 files modified

debian/changelog (+94/-0)
debian/control (+2/-1)
debian/frr.logrotate (+1/-1)
debian/frr.postinst (+26/-1)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

b56bfcd... by Andreas Hasenack on 2023-01-08

update-maintainer

04def0c... by Andreas Hasenack on 2023-01-08

reconstruct-changelog

58e4924... by Andreas Hasenack on 2023-01-08

merge-changelogs

cad7ccf... by Andreas Hasenack on 2023-01-08

    - SECURITY UPDATE: use-after-free due to a race condition
      + debian/patches/CVE-2022-37035.patch: avoid notify race between io and
        main pthreads in bgpd/bgp_io.c, bgpd/bgp_packet.c, bgpd/bgp_packet.h.
      + CVE-2022-37035

e091b59... by Andreas Hasenack on 2023-01-08

    - SECURITY UPDATE: DoS via out-of-bounds read
      + debian/patches/CVE-2022-37032.patch: make sure hdr length is at a
        minimum of what is expected in bgpd/bgp_packet.c.
      + CVE-2022-37032

ef642e4... by Andreas Hasenack on 2023-01-08

    - SECURITY UPDATE: overflow via wrong checks
      + debian/patches/CVE-2022-26128_9.patch: fix checks on length in
        babeld/message.c.
      + CVE-2022-26128
      + CVE-2022-26129

0d62784... by Andreas Hasenack on 2023-01-08

    - SECURITY UPDATE: overflow via missing check on the input packet length
      + debian/patches/CVE-2022-26127.patch: add check on packet length in
        babeld/message.c.
      + CVE-2022-2612

6d6b13d... by Andreas Hasenack on 2023-01-08

    - SECURITY UPDATE: overflow via use of strdup with binary string
      + debian/patches/CVE-2022-26126.patch: use base64 encoding in
        isisd/isis_nb_notifications.c, lib/base64.c, lib/base64.h,
        lib/subdir.am, lib/yang_wrappers.c, lib/yang_wrappers.h.
      + CVE-2022-26126

9f57fa1... by Andreas Hasenack on 2023-01-08

      + debian/patches/disable_isisd_fuzz_test.patch: disable fuzz tests as
        the security update changed expected results in
        tests/isisd/test_fuzz_isis_tlv.py.
      + CVE-2022-26125

e77e72f... by Andreas Hasenack on 2023-01-08

  * Dropped (fixed upstream):
    - SECURITY UPDATE: overflow via input packet length
      + debian/patches/CVE-2022-26125.patch: fix router capability TLV
        parsing issues in isisd/isis_tlvs.*.