Public bug reported:
Please sync quagga 1.0.20160315-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service or arbitrary code execution via
Labeled-VPN SAFI and crafted packet
- debian/patches/CVE-2016-2342.patch: sanity check lengths in
bgpd/bgp_mplsvpn.c.
- CVE-2016-2342
Done in Debian.
Changelog entries since current yakkety version 0.99.24.1-2ubuntu1:
quagga (1.0.20160315-1) unstable; urgency=high
* SECURITY:
CVE-2016-2342: VPNv4 NLRI parses memcpys to stack on unchecked length
(Closes: #819179)
* New upstream release
* babeld has been removed from the Quagga upstream project.
There is a implementation available in the Debian "babeld" package.
* Removed no longer recognized configure options: --enable-ospf-te,
--enable-opaque-lsa and --enable-ipv6
* Removed configure options that are now default: --enable-pimd and
--enable-vtysh
-- Christian Brunotte <c...@debian.org> Wed, 30 Mar 2016 23:34:33 +0200
** Affects: quagga (Ubuntu)
Importance: Wishlist
Status: New
** Changed in: quagga (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1589315
Title:
Sync quagga 1.0.20160315-1 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quagga/+bug/1589315/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
