Your message dated Sun, 16 Jul 2023 09:05:50 +0000
with message-id <[email protected]>
and subject line Bug#1036062: fixed in frr 8.4.4-1
has caused the Debian Bug report #1036062,
regarding frr: CVE-2023-31490
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1036062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036062
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: frr
Version: 8.4.2-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FRRouting/frr/issues/13099
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for frr.

CVE-2023-31490[0]:
| An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to
| cause a denial of service via the bgp_attr_psid_sub() function.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-31490
    https://www.cve.org/CVERecord?id=CVE-2023-31490
[1] https://github.com/FRRouting/frr/issues/13099

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: frr
Source-Version: 8.4.4-1
Done: David Lamparter <[email protected]>

We believe that the bug you reported is fixed in the latest version of
frr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Lamparter <[email protected]> (supplier of updated frr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 12 Jul 2023 14:28:34 +0200
Source: frr
Architecture: source
Version: 8.4.4-1
Distribution: unstable
Urgency: medium
Maintainer: David Lamparter <[email protected]>
Changed-By: David Lamparter <[email protected]>
Closes: 1036061 1036062
Changes:
frr (8.4.4-1) unstable; urgency=medium
.
* new upstream release FRR 8.4.4
* upstream fix CVE-2023-31489 (closes: #1036061)
* upstream fix CVE-2023-31490 (closes: #1036062)
* correctly use sphinxdoc:Built-Using
* point watch file at git tarball, no more upstream dist tarballs
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCZLOtUgAKCRDLPsM64d7X
gdBAAP91YHTHxMdi6SEVzDMhQtLmiKCQukoABXW02osPgi5BhQD+PsgpPUrGJF+e
OjjK+NEROZlLlqO8ulCMnxJTV1ELQwQ=
=FzYy
-----END PGP SIGNATURE-----
--- End Message ---