lp:ubuntu/oneiric-security/quagga

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-security/quagga

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

32. By Marc Deslauriers

* SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues.
  (LP: #994169)
  - Denial of service via short Link State Update packet
  - Denial of service via short network-LSA link-state advertisement
  - Denial of service via malformed Four-octet AS Number Capability
  - CVE-2012-0249
  - CVE-2012-0250
  - CVE-2012-0255
* debian/control, debian/rules: Remove quagga-dbg package for Oneiric.
* debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
  added fix for a bgpd memory leak related to extra attributes. Thanks to
  Debian for the regression fix.

31. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via malformed Inter Area
  Prefix LSA
  - debian/patches/95_CVE-2011-3323.dpatch: check lengths in
    ospf6d/{ospf6_abr.h,ospf6_asbr.h,ospf6_intra.h,ospf6_lsa.h,
    ospf6_message.c,ospf6_message.h,ospf6_proto.h}
  - CVE-2011-3323
* SECURITY UPDATE: denial of service via crafted Link-State-Advertisement
  - debian/patches/95_CVE-2011-3324.dpatch: change assert to warning in
    ospf6d/ospf6_lsa.c.
  - CVE-2011-3324
* SECURITY UPDATE: denial of service via crafted Hello packet
  - debian/patches/95_CVE-2011-3325.dpatch: add extra checks to
    ospfd/ospf_packet.c.
  - CVE-2011-3325
* SECURITY UPDATE: denial of service via unknown Link-State-Advertisement
  types
  - debian/patches/95_CVE-2011-3326.dpatch: exit if LSA type is unknown
    in ospfd/ospf_flood.c.
  - CVE-2011-3326
* SECURITY UPDATE: arbitrary code execution via Extended Communities path
  attribute
  - debian/patches/95_CVE-2011-3327.dpatch: properly check size in
    bgpd/bgp_ecommunity.c.
  - CVE-2011-3327

30. By Christian Hammers

* Removed 90_configure_ncurses.dpatch which does not have any visible
  effect to the control files dependencies nor to the ldd usr/bin/vtysh
  output anymore. The web site with the "checklib" tool that reported
  warnings for superfluous dependencies in 2006 cannot be found anymore.
* Removed 10_doc__Makefiles__makeinfo-force.dpatch which was only for the
  'woody' release.
* Added 94_gcc45_format.dpatch which contains the patches from #614459
* Added sed snippet to debian/rules to remove dependencies from all .la
  files as requested in http://wiki.debian.org/ReleaseGoals/LAFileRemoval
* Removed --enable-tcp-md5 from ./configure call as this option has been
  renamed to --enable-linux24-tcp-md5 and is thus no longer needed.
* Bumped standards version to 3.9.2.

29. By Christian Hammers

* SECURITY:
  "This release fixes 2 denial of services in bgpd, which can be remotely
  triggered by malformed AS-Pathlimit or Extended-Community attributes.
  These issues have been assigned CVE-2010-1674 and CVE-2010-1675.
  Support for AS-Pathlimit has been removed with this release."
* Added Brazilian Portuguese debconf translation. Closes: #617735
* Changed section for quagga-doc from "doc" to "net".
* Added patch to fix FTBFS with latest GCC. Closes: #614459

28. By Marc Deslauriers

* SECURITY UPDATE: denial of service via malformed extended communities
  - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
    communities in bgpd/bgp_attr.c.
  - CVE-2010-1674
* SECURITY UPDATE: denial of service via AS_PATHLIMIT
  - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support
    in bgpd/bgp_attr.c.
  - CVE-2010-1675

27. By Christian Hammers

Added comment to init script (thanks to Marc Haber). Closes: #599524

26. By Matthias Klose

Fix FTBFS with ld --as-needed.

25. By Christian Hammers

Added Danish Debconf translation (thanks to Joe Dalton). Closes: #596259

24. By Christian Hammers

SECURITY:
"This release provides two important bugfixes, which address remote crash
possibility in bgpd discovered by CROSS team.":
1. Stack buffer overflow by processing certain Route-Refresh messages
CVE-2010-2948
2. DoS (crash) while processing certain BGP update AS path messages
CVE-2010-2949
Closes: #594262

23. By Christian Hammers

* New upstream release. Closes: #574527
* Added chrpath to debian/rules to fix rpath problems that lintian spotted.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/quagga