Your message dated Sun, 27 Mar 2016 19:47:33 +0000
with message-id <e1akger-00067l...@franck.debian.org>
and subject line Bug#819179: fixed in quagga 0.99.22.4-1+wheezy2
has caused the Debian Bug report #819179,
regarding quagga: CVE-2016-2342
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
819179: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819179
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: quagga
Version: 0.99.22.4-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,

the following vulnerability was published for quagga.

CVE-2016-2342[0]:
| The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI
| parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4
| configuration is used, relies on a Labeled-VPN SAFI routes-data length
| field during a data copy, which allows remote attackers to execute
| arbitrary code or cause a denial of service (stack-based buffer
| overflow) via a crafted packet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-2342
[1] http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 0.99.22.4-1+wheezy2
We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 819...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated quagga package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Thu, 24 Mar 2016 16:14:53 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.22.4-1+wheezy2
Distribution: wheezy-security
Urgency: high
Maintainer: Christian Hammers <c...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
quagga - BGP/OSPF/RIP routing daemon
quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
quagga-doc - documentation files for quagga
Closes: 819179
Changes:
quagga (0.99.22.4-1+wheezy2) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-2342: VPNv4 NLRI parses memcpys to stack on unchecked length
(Closes: #819179)
--- End Message ---