Your message dated Fri, 27 Jan 2017 19:19:01 +0000
with message-id <[email protected]>
and subject line Bug#852454: fixed in quagga 1.1.1-1
has caused the Debian Bug report #852454,
regarding quagga: CVE-2017-5495
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
852454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852454
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: quagga
Version: 0.99.22.4-1
Severity: important
Tags: patch security upstream fixed-upstream
Hi,
the following vulnerability was published for quagga.
CVE-2017-5495[0]:
Telnet interface input buffer allocates unbounded amounts of memory
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5495
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 1.1.1-1
We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Leggett <[email protected]> (supplier of updated quagga package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 27 Jan 2017 10:48:50 +1100
Source: quagga
Binary: quagga quagga-core quagga-doc libquagga0 libquagga-dev quagga-bgpd
quagga-isisd quagga-ospf6d quagga-ospfd quagga-pimd quagga-ripd quagga-ripngd
Architecture: source amd64 all
Version: 1.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Scott Leggett <[email protected]>
Changed-By: Scott Leggett <[email protected]>
Description:
libquagga-dev - network routing daemons (development files)
libquagga0 - network routing daemons (libraries)
quagga - network routing daemons (metapackage)
quagga-bgpd - BGP4/BGP4+ routing daemon
quagga-core - network routing daemons (core abstraction layer)
quagga-doc - network routing daemons (documentation)
quagga-isisd - IS-IS routing daemon
quagga-ospf6d - OSPF6 routing daemon
quagga-ospfd - OSPF routing daemon
quagga-pimd - PIM routing daemon
quagga-ripd - RIPv1 routing daemon
quagga-ripngd - RIPng routing daemon
Closes: 852454
Changes:
quagga (1.1.1-1) unstable; urgency=low
.
* SECURITY:
- New upstream bugfix release, fixes CVE-2017-5495 (Closes: #852454).
* Remove patch disabling debug print statements; fixed upstream.
* Update libquagga0.symbols for libzebra SONAME bump.
Checksums-Sha1:
7ac0fa9ba96f94928c8d60efcca9d95bddcf3034 2720 quagga_1.1.1-1.dsc
b18648e49719d88351d91bf6782dd534de735f88 2173432 quagga_1.1.1.orig.tar.gz
a0aceef3e83ce20d431f4929deeaf52abf697b1d 39672 quagga_1.1.1-1.debian.tar.xz
85b262159ebba2ae43686d60d90b017cab363041 418152 libquagga-dev_1.1.1-1_amd64.deb
5e11fc3fb4ab6e69a3f38297ea3b14a721af1469 912694
libquagga0-dbgsym_1.1.1-1_amd64.deb
a44d815bda6a7ef92d490b5c0db1ada9d61c1334 340896 libquagga0_1.1.1-1_amd64.deb
96f89e296dc0bfd7c93935519be61465ab3e808d 686384
quagga-bgpd-dbgsym_1.1.1-1_amd64.deb
7526ae663fb687e0ae94ab18431ba11a574569fb 246184 quagga-bgpd_1.1.1-1_amd64.deb
a4eadc11c92874b7e0c677433bba1a1580c5d62e 466132
quagga-core-dbgsym_1.1.1-1_amd64.deb
f6d0ff29ea6dc6a47e37fe74ecff62a7efb05c12 232418 quagga-core_1.1.1-1_amd64.deb
c66cc17f3f9fdcb9b13d294ce20ec0506b936aa7 1025722 quagga-doc_1.1.1-1_all.deb
684a4caf15422ae36c06871e26ccab3da64191f6 324570
quagga-isisd-dbgsym_1.1.1-1_amd64.deb
cc9d4ef31c63c188515530994688434f35b86bc3 123654 quagga-isisd_1.1.1-1_amd64.deb
eb3ec6e6cf91d8af4814c4b441c61282ebf7928e 299666
quagga-ospf6d-dbgsym_1.1.1-1_amd64.deb
11db7d45ea972be8c7ea467fae91c07082e8dccd 121350 quagga-ospf6d_1.1.1-1_amd64.deb
d8ddad5a5526bea257b91d42736de6d0d1020d3d 22952
quagga-ospfd-dbgsym_1.1.1-1_amd64.deb
0be52fb27cdf72e8dfba4f11c63bf0987b683888 30964 quagga-ospfd_1.1.1-1_amd64.deb
4ddd1611b9731fee565e3a11751c0d87f208180c 280900
quagga-pimd-dbgsym_1.1.1-1_amd64.deb
95f526217363437afd0d87368180790c53287f24 110960 quagga-pimd_1.1.1-1_amd64.deb
0731d91fd4b7b080e6f08ad667c14c40a9aa3e01 124760
quagga-ripd-dbgsym_1.1.1-1_amd64.deb
d33be3722e69e655ec25a59deec4fc89ac3b4f38 63360 quagga-ripd_1.1.1-1_amd64.deb
22b93a3c6c2fd686d510937fa5cdb6b4ec3b8cdb 109300
quagga-ripngd-dbgsym_1.1.1-1_amd64.deb
68a1e223cb0399aa74578c25f04e5ae56e39ab2e 55716 quagga-ripngd_1.1.1-1_amd64.deb
ccdd56699a48e71bfb62a8c2e71a830401a18a27 13712 quagga_1.1.1-1_amd64.buildinfo
e73f9638de71c32454aef2e363385f5fc1b286c3 22624 quagga_1.1.1-1_amd64.deb
Checksums-Sha256:
3ab79520d9ff1944368b5505b38fce4954ed17292a1fbb3a7a909022198a1993 2720
quagga_1.1.1-1.dsc
cd464dd5575dfcedc6ad590eced904290d9c5fded89984bfa5610657dfb412bc 2173432
quagga_1.1.1.orig.tar.gz
45c382629f104bf869c902f965b9b587c5195a3ff33f193235c3a1e168473d0d 39672
quagga_1.1.1-1.debian.tar.xz
c7227712c3cfcb1518296bd45199c59237a56d36bf070b24dab24b57e3cdb197 418152
libquagga-dev_1.1.1-1_amd64.deb
f6437cbb4d41fc9f38387632b47d6b3a2e797ed0a1578cb1949df756dba4597c 912694
libquagga0-dbgsym_1.1.1-1_amd64.deb
db9f3954ed2d86fe21f305e0f19dc0e458aa4af71db9f317f2dfc94a3e888371 340896
libquagga0_1.1.1-1_amd64.deb
4f42c9dd25716792c974737d7f45e3b081e6852db610d090b6eec5b8d9b9384f 686384
quagga-bgpd-dbgsym_1.1.1-1_amd64.deb
92e7b2a1e7a9254aa19a1dcd862f873e5acd33227c5f715fc3c0617d454cce87 246184
quagga-bgpd_1.1.1-1_amd64.deb
6c82047c5c98c0f8a4c4c1413ba9b0f169fe25957c3b940581e423711c27d7cd 466132
quagga-core-dbgsym_1.1.1-1_amd64.deb
6da2c46ad181c2068cf4266985b271dbab15af78f0c1d9b2421929128c99a3d7 232418
quagga-core_1.1.1-1_amd64.deb
b7d602624ac3e22b91cd6d5684725ea5e6e76cab4e5c3a6198e4e994141bc237 1025722
quagga-doc_1.1.1-1_all.deb
928fac2b327c1110874b4b90e0dbf4c4dd60f29ba31a72afb2a2c4cbc15cd99e 324570
quagga-isisd-dbgsym_1.1.1-1_amd64.deb
972b1c989b41b75c46848d1f0e3c42aefb157f77bdd8ef12b9e63f2902e6e0f9 123654
quagga-isisd_1.1.1-1_amd64.deb
2400b28b85bf7a975820310606a9af66aa79226667d3c47225860e7f20687903 299666
quagga-ospf6d-dbgsym_1.1.1-1_amd64.deb
21b86b2be1121f78b2991c0a4bf077c24ff54af704fcf25bcfd5718dee92ae87 121350
quagga-ospf6d_1.1.1-1_amd64.deb
63b55bcf8e8363834a76711d651e5836bc2a44c39a6696953b1d7c740dfe1855 22952
quagga-ospfd-dbgsym_1.1.1-1_amd64.deb
24ef8a8bb01ac643c522b786e8f278a3f926c1f4d8156466f493683b53a2670d 30964
quagga-ospfd_1.1.1-1_amd64.deb
8c332a9f0a2af12a3b942f515842645e17470d560add964057ab2b0218ea86ff 280900
quagga-pimd-dbgsym_1.1.1-1_amd64.deb
64381ec14caeae6b67d336d285f6884c466a5cc4cf5b1b7afb4b2ede318a79cf 110960
quagga-pimd_1.1.1-1_amd64.deb
eee3cf1e27151643e6110d20d26e74fb30e9b08e2253900c774e92505f45013d 124760
quagga-ripd-dbgsym_1.1.1-1_amd64.deb
170ddd639a876940a647e2f4a6ae2e57fb8b45ef64aaa2552161535c389808dd 63360
quagga-ripd_1.1.1-1_amd64.deb
9dfec5525bed4379129e53864cd93f6702a9bddf38d6e7074c02ba853049334d 109300
quagga-ripngd-dbgsym_1.1.1-1_amd64.deb
4a52331ae51978426a23b0b9f7ba22a55f00fd80b604a3ab1e588cf21d6efdc3 55716
quagga-ripngd_1.1.1-1_amd64.deb
2f376b1174d7e9b222cc81889196e91fd56f0bf4313400619a4110b5d7eda4a0 13712
quagga_1.1.1-1_amd64.buildinfo
5e575a19e3aee2d5aa33f16058d2fd9aa6c54b1432fcbc6ea2965341e5432abf 22624
quagga_1.1.1-1_amd64.deb
Files:
3b6dc24916d89bf2ec1587baa8383408 2720 net optional quagga_1.1.1-1.dsc
1b63d3f9f1a0ba19ada60536c05eaaab 2173432 net optional quagga_1.1.1.orig.tar.gz
35b7433560ebc5a1d7580c4973b82d60 39672 net optional
quagga_1.1.1-1.debian.tar.xz
c65f19265f8a166e56e200b84e5aca67 418152 libdevel optional
libquagga-dev_1.1.1-1_amd64.deb
d9a8ae2195e149a3213fd3d49519ab95 912694 debug extra
libquagga0-dbgsym_1.1.1-1_amd64.deb
f6b5dc062fe13f5603c861039cbe7206 340896 libs optional
libquagga0_1.1.1-1_amd64.deb
2f41db1be1c8a31933e2a8b986c1286e 686384 debug extra
quagga-bgpd-dbgsym_1.1.1-1_amd64.deb
6ad2316992cc986d0eba4ad4c704fe56 246184 net optional
quagga-bgpd_1.1.1-1_amd64.deb
4322c1aa1bb449b9d268d1280deab2f6 466132 debug extra
quagga-core-dbgsym_1.1.1-1_amd64.deb
c5b2cdba515c463229782d872815f796 232418 net optional
quagga-core_1.1.1-1_amd64.deb
3a8a2f7965517b3ea02dcdc72b130675 1025722 doc optional
quagga-doc_1.1.1-1_all.deb
8de992a098f5cc50be8bad849a8ef6d5 324570 debug extra
quagga-isisd-dbgsym_1.1.1-1_amd64.deb
1cffd04f6d61816d9adb3f6972125ac0 123654 net optional
quagga-isisd_1.1.1-1_amd64.deb
76b56b73a94c009312681f359f43a5bf 299666 debug extra
quagga-ospf6d-dbgsym_1.1.1-1_amd64.deb
6931fa060e27d494143cf0712a376a5b 121350 net optional
quagga-ospf6d_1.1.1-1_amd64.deb
2abc97d84e6192f4f1364168bbd316e3 22952 debug extra
quagga-ospfd-dbgsym_1.1.1-1_amd64.deb
791340c1f82e0ad46228ac36cfca2b91 30964 net optional
quagga-ospfd_1.1.1-1_amd64.deb
a8ad8d4fca925d1817f3d9fe2ac72307 280900 debug extra
quagga-pimd-dbgsym_1.1.1-1_amd64.deb
0d7889791e6d94e57ac4425c2a5cff36 110960 net optional
quagga-pimd_1.1.1-1_amd64.deb
86f0e2da87c39fee0733efbf51520005 124760 debug extra
quagga-ripd-dbgsym_1.1.1-1_amd64.deb
d5f0c9da9452e01cca9e7d6790786785 63360 net optional
quagga-ripd_1.1.1-1_amd64.deb
84b84e64e3c633b75e5934a971f99d90 109300 debug extra
quagga-ripngd-dbgsym_1.1.1-1_amd64.deb
ffcd2135f2e4b6e7fcfe72b87de20281 55716 net optional
quagga-ripngd_1.1.1-1_amd64.deb
08ce9cc181969de0634c0b7631f2ee26 13712 net optional
quagga_1.1.1-1_amd64.buildinfo
0dfd729f0c014516adb96182ec1a6252 22624 net optional quagga_1.1.1-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAliLl7YQHGJlcm5hdEBs
dWZmeS5jeAAKCRCVpC/oNTUl+TgND/0T+FmJlEJUUcrVNqBK9dGPxdyW+Buhe+A6
rdw/vIYHn6eiGZLhVIgl8MfAH7ZRNsFtTRO/PZsO5Cb4sqUjRK9hH6Cqp2XhwvpB
Ap8k1zN/MuXPefpPI1TBBABu/DJXKHhJfJuQr+ppkszjJIhMwzoC0Iz20DcyXRjS
TDsgJcyvhEA2lAwXZDudcOI5z4HcofoUO729Qh1O4aBiakPCGfj2Fn5jvQaGB88b
WazQJB7WUwsiUIoUw7CED2wsBPbbKTWbsHE9q3gaa8mSSaOvy+nWHT6skpOMssM3
JdlJ4atMswrlACqPAXMDnVFUduBimYiqE4pywSuHFvyM29aX+p1+m5DGjf1v16mL
Q8oVlbqKa7Sn4WGNiAUp8eiaaJUD8/S8oYdF3USeG6D5YRaZYBu2eMjj/5yW5sMa
GtPmmcuPuIcq628iwVqfThkHi8f4l/yTH6dCMGXKch4VHMfHpFzGHlaJ6jZsO2TZ
0K8hg4X9ekygmmWJPk3lT508PumfRpxedUSGHQFRVS8EhibLB0cw5xJBmfHr47aP
OJ3/pGt8PmxZs5BqCB1MwIXEw2oqoI4fUAGJq+IwHFWipSNoRiB/4nemViZzGiKD
qDVkTaYzVsN7A2QVmQoZDMHVg7b+x8ye2bVnN8T8lPM+3Esm8TwraqEoCNx9V/VX
x6vqYic0hw==
=RUXL
-----END PGP SIGNATURE-----
--- End Message ---
