lp:debian/squeeze/quagga
- Get this branch:
- bzr branch lp:debian/squeeze/quagga
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 26. By Christian Hammers
-
Applied fix for a bgpd memory leak related to extra attributes.
The bug was intruduced with the upgrade to 0.99.20.1 with the
latest security release. Closes: #670940 - 25. By Christian Hammers
-
* SECURITY:
This is a backport of the security patches of Quagga 0.99.19 and 0.99.20:
- The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the
IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving
modified Database Description and Link State Update messages,
respectively, can result in denial of service in IPv6 routing.
- The vulnerability CVE-2011-3325 is a denial of service vulnerability
related to Hello message handling by the OSPF service. As Hello messages
are used to initiate adjacencies, exploiting the vulnerability may be
feasible from the same broadcast domain without an established adjacency.
A malformed packet may result in denial of service in IPv4 routing.
- The vulnerability CVE-2011-3326 results from the handling of LSA (Link
State Advertisement) states in the OSPF service. Receiving a modified
Link State Update message with malicious state information can result in
denial of service in IPv4 routing.
- The vulnerability CVE-2011-3327 is related to the extended communities
handling in BGP messages. Receiving a malformed BGP update can result in
a buffer overflow and disruption of IPv4 routing. - 24. By Florian Weimer
-
* Fix crash in Extended Communities handling (CVE-2010-1674)
* Remove support for AS_PATHLIMIT (CVE-2010-1675)
* Fix format string issue in vty_hello - 22. By Christian Hammers
-
SECURITY:
"This release provides two important bugfixes, which address remote crash
possibility in bgpd discovered by CROSS team.":
1. Stack buffer overflow by processing certain Route-Refresh messages
CVE-2010-2948
2. DoS (crash) while processing certain BGP update AS path messages
CVE-2010-2949
Closes: #594262 - 21. By Christian Hammers
-
* New upstream release. Closes: #574527
* Added chrpath to debian/rules to fix rpath problems that lintian spottet. - 20. By Christian Hammers
-
* New upstream release
"This fixes some annoying little ospfd and ospf6d regressions, which made
0.99.14 a bit of a problem release (...) This release still contains a
regression in the "no ip address ..." command, at least on Linux.
See bug #486, which contains a workaround patch. This release should be
considered a 1.0.0 release candidate. Please test this release as widely
as possible."
* Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst).
Closes: #517860
* Added Russian Debconf tanslation (thanks to Yuri Kozlov).
Closes: #539464
* Removed so-version in build-dep to libreadline-dev on request of
Matthias Klose.
* Added README.source with reference to dpatch as suggested by lintian.
* Bumped standards versionto 3.8.3. - 19. By Christian Hammers
-
* New upstream release
"This release contains a regression fix for ospf6d, various small fixes
and some hopefully very significant bgpd stability fixes.
This release should be considered a 1.0.0 release candidate. Please test
this release as widely as possible."
* Fixes bug with premature LSA aging in ospf6d. Closes: #535030
* Fixes section number in zebra.8 manpage. Closes: #517860 - 18. By Christian Hammers
-
* New upstream release
"This release is contains a number of small fixes, for potentially
irritating issues, as well as small enhancements to vtysh and support
for linking to PCRE (a much faster regex library)."
* Added build-dep to gawk as configure required it for memtypes.awk
* Replaced build-dep to gs-gpl with ghostscript as requested by lintian
* Minor changes to copyright and control files to make lintian happy. - 17. By Christian Hammers
-
Fixed FTBFS by adding a build-dep to libpcre3-dev (thanks to Luk Claes).
Closes: #469891
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)