Bug#1036062: frr: CVE-2023-31490

2023-07-29 Thread Aron Xu
Hi, On Tue, 11 Jul 2023 13:47:46 +0300 Adrian Bunk wrote: > On Tue, Jun 13, 2023 at 03:17:52PM +0200, David Lamparter wrote: > > Fixed upstream in 9f1ba873637fd6ce4a2d366eafcf41402775852b on stable/8.4 > > branch. > > > > Debian fix incoming with bump to 8.4.4 if that's OK? That wouldn't be a >

Bug#1036061: Bug#1036062: frr: CVE-2023-31490

2023-07-11 Thread Adrian Bunk
On Tue, Jun 13, 2023 at 03:17:52PM +0200, David Lamparter wrote: > Fixed upstream in 9f1ba873637fd6ce4a2d366eafcf41402775852b on stable/8.4 > branch. > > Debian fix incoming with bump to 8.4.4 if that's OK? That wouldn't be a > targeted security fix, but FRR minor versions are bugfix-only. These

Bug#1036062: frr: CVE-2023-31490

2023-06-13 Thread David Lamparter
Argh, wrong bug, previous mail was for 1036061. On Tue, Jun 13, 2023 at 03:17:52PM +0200, David Lamparter wrote: > Fixed upstream in 9f1ba873637fd6ce4a2d366eafcf41402775852b on stable/8.4 > branch. CVE-2023-31489 / 1036062 was fixed upstream on master but not backported to 8.4 yet; now pending up

Bug#1036062: frr: CVE-2023-31490

2023-06-13 Thread David Lamparter
Fixed upstream in 9f1ba873637fd6ce4a2d366eafcf41402775852b on stable/8.4 branch. Debian fix incoming with bump to 8.4.4 if that's OK? That wouldn't be a targeted security fix, but FRR minor versions are bugfix-only. -equi

Bug#1036062: frr: CVE-2023-31490

2023-05-14 Thread Salvatore Bonaccorso
Source: frr Version: 8.4.2-1 Severity: grave Tags: security upstream Forwarded: https://github.com/FRRouting/frr/issues/13099 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for frr. CVE-2023-31490[0]: | An issue found in Frrouting bgpd v.8.4.