Ubuntu
quagga package

lp:ubuntu/precise-security/quagga

  1. Precise (12.04)
  2. precise-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-security/quagga
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

33. By Marc Deslauriers

* SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues
  (LP: #994169)
  - Denial of service via short Link State Update packet
  - Denial of service via short network-LSA link-state advertisement
  - Denial of service via malformed Four-octet AS Number Capability
  - CVE-2012-0249
  - CVE-2012-0250
  - CVE-2012-0255
* debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
  added fix for a bgpd memory leak related to extra attributes. Thanks to
  Debian for the regression fix.

32. By Christian Hammers

Added --sysconfdir back to the configure options (thanks to Sven-Haegar
Koch). Closes: #645649

31. By Christian Hammers

* New upstream release:
  "The primary focus of this release is a fix of SEGV regression in ospfd,
   which was introduced in 0.99.19. It also features a series of minor
   improvements, including better RFC compliance in bgpd, better support
   of FreeBSD and some enhancements to isisd."
* Fixes off-by-one bug (removed 20_ospf6_area_argv.dpatch). Closes: #519488

30. By Christian Hammers

* Removed 90_configure_ncurses.dpatch which does not have any visible
  effect to the control files dependencies nor to the ldd usr/bin/vtysh
  output anymore. The web site with the "checklib" tool that reported
  warnings for superfluous dependencies in 2006 cannot be found anymore.
* Removed 10_doc__Makefiles__makeinfo-force.dpatch which was only for the
  'woody' release.
* Added 94_gcc45_format.dpatch which contains the patches from #614459
* Added sed snipped to debian/rules to remove dependencies from all .la
  files as requested in http://wiki.debian.org/ReleaseGoals/LAFileRemoval
* Removed --enable-tcp-md5 from ./configure call as this option has been
  renamed to --enable-linux24-tcp-md5 and is thus no longer needed.
* Bumped standards version to 3.9.2.

29. By Christian Hammers

* SECURITY:
  "This release fixes 2 denial of services in bgpd, which can be remotely
  triggered by malformed AS-Pathlimit or Extended-Community attributes.
  These issues have been assigned CVE-2010-1674 and CVE-2010-1675.
  Support for AS-Pathlimit has been removed with this release."
* Added Brazilian Portuguese debconf translation. Closes: #617735
* Changed section for quagga-doc from "doc" to "net".
* Added patch to fix FTBFS with latest GCC. Closes: #614459

28. By Marc Deslauriers

* SECURITY UPDATE: denial of service via malformed extended communities
  - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
    communities in bgpd/bgp_attr.c.
  - CVE-2010-1674
* SECURITY UPDATE: denial of service via AS_PATHLIMIT
  - debian/patches/99_no-aspathlimit.dpatch: remove AS_PATHLIMIT support
    in bgpd/bgp_attr.c.
  - CVE-2010-1675

27. By Christian Hammers

Added comment to init script (thanks to Marc Haber). Closes: #599524

26. By Matthias Klose

Fix FTBFS with ld --as-needed.

25. By Christian Hammers

Added Danisch Debconf translation (thanks to Joe Dalton). Closes: #596259

24. By Christian Hammers

SECURITY:
"This release provides two important bugfixes, which address remote crash
possibility in bgpd discovered by CROSS team.":
1. Stack buffer overflow by processing certain Route-Refresh messages
CVE-2010-2948
2. DoS (crash) while processing certain BGP update AS path messages
CVE-2010-2949
Closes: #594262

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/quantal/quagga
This branch contains Public information 
Everyone can see this information.

Subscribers