subject:"\[Bug 2064404\] Re\: Merge frr from Debian unstable for oracular"

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

2024-07-31 Thread Launchpad Bug Tracker

This bug was fixed in the package frr - 10.0.1-0.1ubuntu1

---
frr (10.0.1-0.1ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2064404). Remaining changes:
- Fix logging with Ubuntu's unprivileged rsyslog (LP #1958162):
  + d/frr.postinst: change log files ownership
  + d/frr.logrotate: change rotated log file ownership
  * Dropped security patches included upstream:
- SECURITY UPDATE: DoS via MP_REACH_NLRI data
  + debian/patches/CVE-2023-46752.patch: handle MP_REACH_NLRI malformed
packets with session reset in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
bgpd/bgp_packet.c.
  + CVE-2023-46752
- SECURITY UPDATE: DoS via BGP UPDATE without mandatory attributes
  + debian/patches/CVE-2023-46753.patch: check mandatory attributes more
carefully for UPDATE message in bgpd/bgp_attr.c.
  + CVE-2023-46753
- SECURITY UPDATE: read beyond stream during labeled unicast parsing
  + debian/patches/CVE-2023-38407.patch: fix use beyond end of stream of
labeled unicast parsing in bgpd/bgp_label.c.
  + CVE-2023-38407
- SECURITY UPDATE: crash via malformed BGP UPDATE message
  + debian/patches/CVE-2023-47235.patch: treat EOR as withdrawn to avoid
unwanted handling of malformed attrs in bgpd/bgp_attr.c.
  + CVE-2023-47235
- SECURITY UPDATE: crash via MP_UNREACH_NLRI attribute
  + debian/patches/CVE-2023-47234.patch: ignore handling NLRIs if we
received MP_UNREACH_NLRI in bgpd/bgp_attr.c, bgpd/bgp_attr.h,
bgpd/bgp_packet.c.
  + CVE-2023-47234
- SECURITY UPDATE: DoS via malformed OSPF LSA packet
  + debian/patches/CVE-2024-27913.patch: solved crash in OSPF TE parsing
in ospfd/ospf_te.c.
  + CVE-2024-27913

 -- Andreas Hasenack   Mon, 29 Jul 2024 09:49:25
-0300

** Changed in: frr (Ubuntu)
   Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38407

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-46752

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-46753

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-47234

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-47235

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-27913

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064404

Title:
  Merge frr from Debian unstable for oracular

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/frr/+bug/2064404/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

2024-07-29 Thread Andreas Hasenack

** Merge proposal linked:
   
https://code.launchpad.net/~ahasenack/ubuntu/+source/frr/+git/frr/+merge/470267

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064404

Title:
  Merge frr from Debian unstable for oracular

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/frr/+bug/2064404/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

2024-07-25 Thread Andreas Hasenack

** Changed in: frr (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064404

Title:
  Merge frr from Debian unstable for oracular

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/frr/+bug/2064404/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

2024-05-01 Thread Andreas Hasenack

** Changed in: frr (Ubuntu)
 Assignee: (unassigned) => Andreas Hasenack (ahasenack)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064404

Title:
  Merge frr from Debian unstable for oracular

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/frr/+bug/2064404/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

[Bug 2064404] Re: Merge frr from Debian unstable for oracular

4 matches

Site Navigation

Mail list logo

Footer information