lp:debian/squeeze/quagga

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/squeeze/quagga
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

26. By Christian Hammers

Applied fix for a bgpd memory leak related to extra attributes.
The bug was intruduced with the upgrade to 0.99.20.1 with the
latest security release. Closes: #670940

25. By Christian Hammers

* SECURITY:
  This is a backport of the security patches of Quagga 0.99.19 and 0.99.20:
  - The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the
    IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving
    modified Database Description and Link State Update messages,
    respectively, can result in denial of service in IPv6 routing.
  - The vulnerability CVE-2011-3325 is a denial of service vulnerability
    related to Hello message handling by the OSPF service. As Hello messages
    are used to initiate adjacencies, exploiting the vulnerability may be
    feasible from the same broadcast domain without an established adjacency.
    A malformed packet may result in denial of service in IPv4 routing.
  - The vulnerability CVE-2011-3326 results from the handling of LSA (Link
    State Advertisement) states in the OSPF service. Receiving a modified
    Link State Update message with malicious state information can result in
    denial of service in IPv4 routing.
  - The vulnerability CVE-2011-3327 is related to the extended communities
    handling in BGP messages. Receiving a malformed BGP update can result in
    a buffer overflow and disruption of IPv4 routing.

24. By Florian Weimer

* Fix crash in Extended Communities handling (CVE-2010-1674)
* Remove support for AS_PATHLIMIT (CVE-2010-1675)
* Fix format string issue in vty_hello

23. By Christian Hammers

Added Danisch Debconf translation (thanks to Joe Dalton). Closes: #596259

22. By Christian Hammers

SECURITY:
"This release provides two important bugfixes, which address remote crash
possibility in bgpd discovered by CROSS team.":
1. Stack buffer overflow by processing certain Route-Refresh messages
CVE-2010-2948
2. DoS (crash) while processing certain BGP update AS path messages
CVE-2010-2949
Closes: #594262

21. By Christian Hammers

* New upstream release. Closes: #574527
* Added chrpath to debian/rules to fix rpath problems that lintian spottet.

20. By Christian Hammers

* New upstream release
  "This fixes some annoying little ospfd and ospf6d regressions, which made
  0.99.14 a bit of a problem release (...) This release still contains a
  regression in the "no ip address ..." command, at least on Linux.
  See bug #486, which contains a workaround patch. This release should be
  considered a 1.0.0 release candidate. Please test this release as widely
  as possible."
* Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst).
  Closes: #517860
* Added Russian Debconf tanslation (thanks to Yuri Kozlov).
  Closes: #539464
* Removed so-version in build-dep to libreadline-dev on request of
  Matthias Klose.
* Added README.source with reference to dpatch as suggested by lintian.
* Bumped standards versionto 3.8.3.

19. By Christian Hammers

* New upstream release
  "This release contains a regression fix for ospf6d, various small fixes
  and some hopefully very significant bgpd stability fixes.
  This release should be considered a 1.0.0 release candidate. Please test
  this release as widely as possible."
* Fixes bug with premature LSA aging in ospf6d. Closes: #535030
* Fixes section number in zebra.8 manpage. Closes: #517860

18. By Christian Hammers

* New upstream release
  "This release is contains a number of small fixes, for potentially
  irritating issues, as well as small enhancements to vtysh and support
  for linking to PCRE (a much faster regex library)."
* Added build-dep to gawk as configure required it for memtypes.awk
* Replaced build-dep to gs-gpl with ghostscript as requested by lintian
* Minor changes to copyright and control files to make lintian happy.

17. By Christian Hammers

Fixed FTBFS by adding a build-dep to libpcre3-dev (thanks to Luk Claes).
Closes: #469891

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers