Change log for quagga package in Debian

Deleted in sid-release (Reason: None provided.)
quagga (1.2.4-4) unstable; urgency=medium

  * Fix build depends (Closes: #932976)

 -- Brett Parker <email address hidden>  Fri, 02 Aug 2019 08:36:29 +0100

Published in buster-release
Superseded in sid-release
quagga (1.2.4-3) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field
  * d/changelog: Remove trailing whitespaces

  [ Brett Parker ]
  * d/control: remove build dep on libpcre3-dev (Closes: #920310)

 -- Brett Parker <email address hidden>  Sat, 26 Jan 2019 10:32:12 +0000
Published in jessie-release
quagga (0.99.23.1-1+deb8u5) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * bgpd/security: Fix double free of unknown attribute (CVE-2018-5379)
    Security issue: Quagga-2018-1114
  * bgpd/security: debug print of received NOTIFY data can over-read msg array
    (CVE-2018-5380)
    Security issue: Quagga-2018-1550
  * bgpd/security: fix infinite loop on certain invalid OPEN messages
    (CVE-2018-5381)
    Security issue: Quagga-2018-1975

 -- Salvatore Bonaccorso <email address hidden>  Tue, 13 Feb 2018 22:57:38 +0100
Superseded in buster-release
Superseded in sid-release
quagga (1.2.4-2) unstable; urgency=low

  * Correct previous changelog entry for CVE numbers
  * Re-enable building of watchquagga
  * Re-instate sysvinit scripts (Closes: #849011, #865874)

 -- Brett Parker <email address hidden>  Sat, 31 Mar 2018 14:36:08 +0100

Superseded in buster-release
Superseded in sid-release
quagga (1.2.4-1) unstable; urgency=medium

  * New maintainer (Closes: #884919)
  * New upstream release (Closes: #890563)
    - Fixes CVE-2018-5278
    - Fixes CVE-2018-5279
    - Fixes CVE-2018-5280
    - Fixes CVE-2018-5281

 -- Brett Parker <email address hidden>  Sat, 17 Mar 2018 15:33:00 +0000
Published in stretch-release
quagga (1.1.1-3+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * bgpd/security: invalid attr length sends NOTIFY with data overrun
    (CVE-2018-5378)
    Security issue: Quagga-2018-0543
  * bgpd/security: Fix double free of unknown attribute (CVE-2018-5379)
    Security issue: Quagga-2018-1114
  * bgpd/security: debug print of received NOTIFY data can over-read msg array
    (CVE-2018-5380)
    Security issue: Quagga-2018-1550
  * bgpd/security: fix infinite loop on certain invalid OPEN messages
    (CVE-2018-5381)
    Security issue: Quagga-2018-1975

 -- Salvatore Bonaccorso <email address hidden>  Tue, 13 Feb 2018 22:54:57 +0100
Superseded in jessie-release
quagga (0.99.23.1-1+deb8u4) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * bgpd: Fix AS_PATH size calculation for long paths (CVE-2017-16227)
    (Closes: #879474)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 30 Oct 2017 06:38:36 +0100
Superseded in stretch-release
quagga (1.1.1-3+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * bgpd: Fix AS_PATH size calculation for long paths (CVE-2017-16227)
    (Closes: #879474)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 30 Oct 2017 06:25:29 +0100
Deleted in buster-release (Reason: None provided.)
Superseded in sid-release
quagga (1.2.2-1) unstable; urgency=medium

  * New upstream release (Closes: #879474, #857187).
  * Rework patches to apply against new upstream version.
  * Change zebra daemon GID to allow writing to /run/quagga (Closes: #880522).
  * Change group permissions on Quagga.conf (Closes: #847106).
  * Add missing build-dep on libc-ares-dev.
  * Add patch for documentation fixes (Closes: #879971).

 -- Scott Leggett <email address hidden>  Sun, 05 Nov 2017 22:11:44 +1100
Superseded in buster-release
Superseded in stretch-release
Superseded in sid-release
quagga (1.1.1-3) unstable; urgency=medium

  * Fix upgrade file conflict with old quagga packages (Closes: #859581).

 -- Scott Leggett <email address hidden>  Wed, 05 Apr 2017 21:41:14 +1000

Superseded in stretch-release
Superseded in sid-release
quagga (1.1.1-2) unstable; urgency=medium

  * Remove libquagga0 and libquagga-dev binary packages (Closes: #856936).
    - Move shared objects into quagga-core, as they are currently intended
      by upstream to be private.
    - Avoid shipping headers and static libraries at all.
    - Upstream plans to ship with a stable API/ABI in future, and these
      changes will be reviewed then.

 -- Scott Leggett <email address hidden>  Sun, 26 Mar 2017 23:04:32 +1100
Superseded in stretch-release
Superseded in sid-release
quagga (1.1.1-1) unstable; urgency=low

  * SECURITY:
    - New upstream bugfix release, fixes CVE-2017-5495 (Closes: #852454).
  * Remove patch disabling debug print statements; fixed upstream.
  * Update libquagga0.symbols for libzebra SONAME bump.

 -- Scott Leggett <email address hidden>  Fri, 27 Jan 2017 10:48:50 +1100

Superseded in jessie-release
quagga (0.99.23.1-1+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
    (Closes: #841162)

 -- Salvatore Bonaccorso <email address hidden>  Tue, 18 Oct 2016 09:57:46 +0200
Superseded in stretch-release
Superseded in sid-release
quagga (1.1.0-3) unstable; urgency=low

  * Update .service file patch (Closes: #849953).

 -- Scott Leggett <email address hidden>  Tue, 03 Jan 2017 22:07:12 +0800

Superseded in stretch-release
Superseded in sid-release
quagga (1.1.0-2) unstable; urgency=low

  * Fix autopkgtests.
  * Check for existing dpkg-statoverride on /etc/quagga (Closes: #847355).

 -- Scott Leggett <email address hidden>  Fri, 09 Dec 2016 22:56:55 +1100

Superseded in sid-release
quagga (1.1.0-1) unstable; urgency=low

  * New upstream release (Closes: #774760, #516226, #830515)
  * Import packaging from the last debian release 1.0.20160315-3.
  * Remove dump_fix.patch applied upstream.
  * Remove patch which is no longer relevant.
  * Remove patch for CVE-2016-1245 fixed upstream.
  * Rely on automatic -dbgsym package rather than deprecated -dbg.
  * Remove deprecated XS-testsuite header in debian/control.
  * Remove template comment from debian/watch.
  * Add patch to fix spelling and grammar errors.
  * Register quagga-doc with doc-base.
  * Add patch to fix ospfclient(8) manpage numbering.
  * Added patch to avoid debug print statements on vtysh startup.
  * Adopt package, set myself as maintainer (Closes: #836418).
  * Add quagga user to quaggavty group in preinst.
  * Drop patch for Debian pager default in vtysh (Closes: #788243).
  * Update debian/copyright.
  * Bump compat level to 10 (Closes: #534833).
  * Use systemd .service files rather than init.d scripts (Closes: #678946,
    #805840, #839819, #412483).
  * Split quagga package out into multiple packages (Closes: #705306).
  * Remove debconf question which left packages in inconsistent state.
  * Add patch for manpage versioning.
  * Update README.Debian, README.Maintainer.
  * Removed patch on vtysh.conf.
  * Add NEWS.Debian about the major changes to the package.

 -- Scott Leggett <email address hidden>  Mon, 21 Nov 2016 21:30:12 +1100

Superseded in stretch-release
Superseded in sid-release
quagga (1.0.20160315-3) unstable; urgency=high

  * Apply patch to fix CVE-2016-1245.  Closes: #841162.

 -- Florian Weimer <email address hidden>  Tue, 18 Oct 2016 22:06:18 +0200
Superseded in jessie-release
quagga (0.99.23.1-1+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-4049: Missing size check in bgp_dump_routes_func in
    bgpd/bgp_dump.c allowing DoS (Closes: #822787).
  * CVE-2016-4036: World readable sensitive files in /etc/quagga 
    (Closes: #835223).

 -- Hugo Lefeuvre <email address hidden>  Mon, 22 Aug 2016 10:27:07 +0200
Superseded in stretch-release
Superseded in sid-release
quagga (1.0.20160315-2) unstable; urgency=high

  * QA upload.
  * Run wrap-and-sort.
  * debian/control:
    - Set QA group as maintainer, as Christian orphaned the package (see
      #837358).
    - Bump Standards-Version to 3.9.8.
  * SECURITY:
    - CVE-2016-4049: Missing size check in bgp_dump_routes_func in
      bgpd/bgp_dump.c allowing DoS (Closes: #822787).
    - CVE-2016-4036: World readable sensitive files in /etc/quagga
      (Closes: #835223).

 -- Hugo Lefeuvre <email address hidden>  Sun, 11 Sep 2016 21:37:00 +0200

Published in wheezy-release
quagga (0.99.22.4-1+wheezy2) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-2342: VPNv4 NLRI parses memcpys to stack on unchecked length
    (Closes: #819179)

 -- Salvatore Bonaccorso <email address hidden>  Thu, 24 Mar 2016 16:14:53 +0100
Superseded in jessie-release
quagga (0.99.23.1-1+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-2342: VPNv4 NLRI parses memcpys to stack on unchecked length
    (Closes: #819179)

 -- Salvatore Bonaccorso <email address hidden>  Thu, 24 Mar 2016 16:26:12 +0100
Superseded in stretch-release
Superseded in sid-release
quagga (1.0.20160315-1) unstable; urgency=high

  * SECURITY:
    CVE-2016-2342: VPNv4 NLRI parses memcpys to stack on unchecked length
    (Closes: #819179)
  * New upstream release
  * babeld has been removed from the Quagga upstream project.
    There is an implementation available in the Debian "babeld" package.
  * Removed no longer recognized configure options: --enable-ospf-te,
    --enable-opaque-lsa and --enable-ipv6
  * Removed configure options that are now default: --enable-pimd and
    --enable-vtysh

 -- Christian Brunotte <email address hidden>  Wed, 30 Mar 2016 23:34:33 +0200
Superseded in stretch-release
Superseded in sid-release
quagga (0.99.24.1-2) unstable; urgency=low


  * Renamed manpage pim.8 to quagga-pim.8 as the former name is already used
    by the pimd package. Closes: 780252

 -- Christian Brunotte <email address hidden>  Thu, 12 Mar 2015 22:37:41 +0100

Superseded in sid-release
quagga (0.99.24.1-1) unstable; urgency=low


  * New upstream release
  * Upstream fix for Zebra crash. 

 -- Christian Brunotte <email address hidden>  Sun, 08 Mar 2015 02:04:18 +0100
Superseded in jessie-release
Superseded in sid-release
quagga (0.99.23.1-1) unstable; urgency=medium


  * New upstream release
  * Added .png figures for info files to quagga-doc package.
  * Changed dependency from iproute to iproute2 (thanks to Andreas
    Henriksson). Closes: #753736
  * Added texlive-fonts-recommended to build-depends to get ecrm1095 font
    (thanks to Christoph Biedl). Closes: #651545

 -- Christian Brunotte <email address hidden>  Tue, 30 Sep 2014 00:20:12 +0200

Superseded in jessie-release
Superseded in sid-release
quagga (0.99.23-1) unstable; urgency=low


  * New upstream release
  * Removed debian/patches/readline-6.3.diff which was already in upstream.

 -- Christian Hammers <email address hidden>  Tue, 08 Jul 2014 09:15:48 +0200

Superseded in jessie-release
Superseded in sid-release
quagga (0.99.22.4-4) unstable; urgency=medium


  * Fix build failure with readline-6.3 (thanks to Matthias Klose).
    Closes: #741774

 -- Christian Hammers <email address hidden>  Sun, 23 Mar 2014 15:28:42 +0100
Published in squeeze-release
quagga (0.99.20.1-0+squeeze5) oldstable-security; urgency=high


  * SECURITY:
     ospfd: CVE-2013-2236, stack overrun in apiserver
 
     the OSPF API-server (exporting the LSDB and allowing announcement of
     Opaque-LSAs) writes past the end of fixed on-stack buffers.  This leads
     to an exploitable stack overflow.

     For this condition to occur, the following two conditions must be true:
     - Quagga is configured with --enable-opaque-lsa
     - ospfd is started with the "-a" command line option
     Closes: #726724
  * Re-upload with corrected distribution.

 -- Christian Hammers <email address hidden>  Sun, 24 Nov 2013 15:41:48 +0100
Superseded in jessie-release
Superseded in sid-release
quagga (0.99.22.4-3) unstable; urgency=low


  * Added status to init script (thanks to Peter J. Holzer). Closes: #730625 
  * Init script now sources /lib/lsb/init-functions.
  * Switched from hardening-wrapper to dpkg-buildflags. 

 -- Christian Hammers <email address hidden>  Wed, 01 Jan 2014 19:12:01 +0100

Superseded in wheezy-release
quagga (0.99.22.4-1+wheezy1) stable-security; urgency=high


  * SECURITY:
    CVE-2013-6051 - a bug in Quagga 0.99.21 that could let bgpd crash on
    receiving normal, valid BGP updates. Closes: #730513

 -- Christian Hammers <email address hidden>  Tue, 26 Nov 2013 00:32:42 +0100
Superseded in jessie-release
Superseded in sid-release
quagga (0.99.22.4-2) unstable; urgency=low


  * Fixed typo in package description (thanks to Davide Prina). 
    Closes: #625860
  * Added Italian Debconf translation (thanks to Beatrice Torracca)
    Closes: #729798

 -- Christian Hammers <email address hidden>  Tue, 26 Nov 2013 00:47:11 +0100

Superseded in jessie-release
Superseded in sid-release
quagga (0.99.22.4-1) unstable; urgency=high


  * SECURITY:
    "ospfd: CVE-2013-2236, stack overrun in apiserver

    the OSPF API-server (exporting the LSDB and allowing announcement of
    Opaque-LSAs) writes past the end of fixed on-stack buffers.  This leads
    to an exploitable stack overflow.
 
    For this condition to occur, the following two conditions must be true:
    - Quagga is configured with --enable-opaque-lsa
    - ospfd is started with the "-a" command line option
    
    If either of these does not hold, the relevant code is not executed and
    the issue does not get triggered."
    Closes: #726724
   
  * New upstream release
    - ospfd: protect vs. VU#229804 (malformed Router-LSA)
      (Quagga is said to be non-vulnerable but still adds some protection)

 -- Christian Hammers <email address hidden>  Thu, 24 Oct 2013 22:58:37 +0200

Superseded in jessie-release
Superseded in sid-release
quagga (0.99.22.1-2) unstable; urgency=low


  * Added autopkgtests (thanks to Yolanda Robla). Closes: #710147 
  * Added "status" command to init script (thanks to James Andrewartha).
    Closes: #690013
  * Added "libsnmp-dev" to Build-Deps. They're not needed for the official
    builds but for people who compile Quagga themselves to activate the
    SNMP feature (which for licence reasons cannot be done by Debian).
    (Thanks to Ben Winslow). Closes: #694852
  * Changed watchquagga_options to an array so that quotes can finally
    be used as expected. Closes: #681088 
  * Fixed bug that prevented restarting only the watchquagga daemon
    (thanks to Harald Kappe). Closes: #687124

 -- Christian Hammers <email address hidden>  Sat, 27 Jul 2013 16:06:25 +0200
Superseded in jessie-release
Superseded in wheezy-release
quagga (0.99.21-4+wheezy1) testing-proposed-updates; urgency=medium


  * Applied a patch to prevent ospfd from crashing randomly when a neighbor
    goes down. Thanks to David Lamparter for pointing out. Closes: #706120

 -- Christian Hammers <email address hidden>  Mon, 22 Apr 2013 23:00:01 +0200
Superseded in jessie-release
Superseded in sid-release
quagga (0.99.22.1-1) unstable; urgency=low


  * New upstream release
    - ospfd restore nexthop IP for p2p interfaces
    - ospfd: fix LSA initialization for build without opaque LSA
    - ripd: correctly redistribute ifindex routes (BZ#664)
    - bgpd: fix lost passwords of grouped neighbors
  * Removed 91_ld_as_needed.diff as it was found in the upstream source.

 -- Christian Hammers <email address hidden>  Mon, 22 Apr 2013 22:21:20 +0200

Superseded in sid-release
quagga (0.99.22-1) unstable; urgency=low


  * New upstream release. 
    - [bgpd] The semantics of default-originate route-map have changed.
      The route-map is now used to advertise the default route conditionally.
      The old behaviour which allowed to set attributes on the originated
      default route is no longer supported.
    - [bgpd] this version of bgpd implements draft-idr-error-handling.  This was
      added in 0.99.21 and may not be desirable.  If you need a version
      without this behaviour, please use 0.99.20.1.  There will be a
      runtime configuration switch for this in future versions.
    - [isisd] is in "beta" state.
    - [ospf6d] is in "alpha/experimental" state
    - More changes are documented in the upstream changelog!
  * debian/watch: Adjusted to new savannah.gnu.org site, thanks to Bart 
    Martens.
  * debian/patches/99_CVE-2012-1820_bgp_capability_orf.diff removed as it's
    in the changelog.
  * debian/patches/99_distribute_list.diff removed as it's in the changelog.
  * debian/patches/10_doc__Makefiles__makeinfo-force.diff removed as it
    was just for Debian woody.

 -- Christian Hammers <email address hidden>  Thu, 14 Feb 2013 00:22:00 +0100

Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.21-4) unstable; urgency=medium


  * Fixed regression bug that caused OSPF "distribute-list" statements to be
    silently ignored. The patch has already been applied upstream but there
    has been no new Quagga release since then.
    Thanks to Hans van Kranenburg for reporting. Closes: #697240

 -- Christian Hammers <email address hidden>  Sun, 06 Jan 2013 15:50:32 +0100

Superseded in squeeze-release
quagga (0.99.20.1-0+squeeze3) stable-security; urgency=high


  * SECURITY:
    CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling.
    A denial-of-service condition could be caused by an attacker controlling
    one of the pre-configured BGP peers. In most cases this means, that the
    attack must be originated from an adjacent network. Closes: #676510

 -- Christian Hammers <email address hidden>  Fri, 08 Jun 2012 01:27:32 +0200
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.21-3) unstable; urgency=high


  * SECURITY:
    CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling.
    A denial-of-service condition could be caused by an attacker controlling
    one of the pre-configured BGP peers. In most cases this means, that the
    attack must be originated from an adjacent network. Closes: #676510

 -- Christian Hammers <email address hidden>  Fri, 08 Jun 2012 01:15:32 +0200

Superseded in squeeze-release
quagga (0.99.20.1-0+squeeze2) stable-security; urgency=high


  * Applied fix for a bgpd memory leak related to extra attributes.
    The bug was introduced with the upgrade to 0.99.20.1 with the
    latest security release. Closes: #670940

 -- Christian Hammers <email address hidden>  Fri, 04 May 2012 08:54:40 +0200
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.21-2) unstable; urgency=low


  * Renamed babeld.8 to quagga-babeld.8 as it conflicted with the
    original manpage of the babeld package which users might want to
    install in parallel as it is slightly more capable. Closes: #671916

 -- Christian Hammers <email address hidden>  Thu, 10 May 2012 07:53:01 +0200

Superseded in sid-release
quagga (0.99.21-1) unstable; urgency=low


  * New upstream release
    - [bgpd] BGP multipath support has been merged
    - [bgpd] SAFI (Multicast topology) support has been extended to propagate
      the topology to zebra.
    - [bgpd] AS path limit functionality has been removed
    - [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing
      protocol has been merged.
    - [isisd] a major overhaul has been picked up. Please note that isisd is
      STILL NOT SUITABLE FOR PRODUCTION USE. 
    - a lot of bugs have been fixed
  * Added watchquagga daemon.
  * Added DEP-3 conforming patch comments.

 -- Christian Hammers <email address hidden>  Sun, 06 May 2012 15:33:33 +0200
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.20.1-1) unstable; urgency=high


  * SECURITY:
    CVE-2012-0249 - Quagga ospfd DoS on malformed LS-Update packet
    CVE-2012-0250 - Quagga ospfd DoS on malformed Network-LSA data
    CVE-2012-0255 - Quagga bgpd DoS on malformed OPEN message
  * New upstream release. Closes: #664033

 -- Christian Hammers <email address hidden>  Fri, 16 Mar 2012 22:14:05 +0100

Published in lenny-release
quagga (0.99.10-1lenny6) lenny-security; urgency=high


  * SECURITY:
    This is a backport of the security patches of Quagga 0.99.19 and 0.99.20:
    - The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the
      IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving
      modified Database Description and Link State Update messages,
      respectively, can result in denial of service in IPv6 routing.
    - The vulnerability CVE-2011-3325 is a denial of service vulnerability
      related to Hello message handling by the OSPF service. As Hello messages
      are used to initiate adjacencies, exploiting the vulnerability may be 
      feasible from the same broadcast domain without an established adjacency.
      A malformed packet may result in denial of service in IPv4 routing. 
    - The vulnerability CVE-2011-3326 results from the handling of LSA (Link 
      State Advertisement) states in the OSPF service. Receiving a modified
      Link State Update message with malicious state information can result in
      denial of service in IPv4 routing.
    - The vulnerability CVE-2011-3327 is related to the extended communities
      handling in BGP messages. Receiving a malformed BGP update can result in
      a buffer overflow and disruption of IPv4 routing.

 -- Florian Weimer <email address hidden>  Sun, 02 Oct 2011 14:28:25 +0200
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.20-4) unstable; urgency=low


  * Switch to dpkg-source 3.0 (quilt) format.
  * Switch to changelog-format-1.0.

 -- Christian Hammers <email address hidden>  Sat, 25 Feb 2012 18:52:06 +0100
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.20-3) unstable; urgency=low


  * Added --sysconfdir back to the configure options (thanks to Sven-Haegar
    Koch). Closes: #645649

 -- Christian Hammers <email address hidden>  Tue, 18 Oct 2011 00:24:37 +0200
Superseded in sid-release
quagga (0.99.20-2) unstable; urgency=low


  * Bumped standards version to 0.9.2.
  * Migrated to "dh" build system.
  * Added quagga-dbg package. 

 -- Christian Hammers <email address hidden>  Fri, 14 Oct 2011 23:59:26 +0200
Superseded in squeeze-release
quagga (0.99.17-2+squeeze3) stable-security; urgency=high


  * SECURITY:
    This is a backport of the security patches of Quagga 0.99.19 and 0.99.20:
    - The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the
      IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving
      modified Database Description and Link State Update messages,
      respectively, can result in denial of service in IPv6 routing.
    - The vulnerability CVE-2011-3325 is a denial of service vulnerability
      related to Hello message handling by the OSPF service. As Hello messages
      are used to initiate adjacencies, exploiting the vulnerability may be 
      feasible from the same broadcast domain without an established adjacency.
      A malformed packet may result in denial of service in IPv4 routing. 
    - The vulnerability CVE-2011-3326 results from the handling of LSA (Link 
      State Advertisement) states in the OSPF service. Receiving a modified
      Link State Update message with malicious state information can result in
      denial of service in IPv4 routing.
    - The vulnerability CVE-2011-3327 is related to the extended communities
      handling in BGP messages. Receiving a malformed BGP update can result in
      a buffer overflow and disruption of IPv4 routing.

 -- Christian Hammers <email address hidden>  Sun, 02 Oct 2011 01:00:22 +0200
Superseded in lenny-release
quagga (0.99.10-1lenny5) oldstable-security; urgency=high


  * Fix  crash in Extended Communities handling (CVE-2010-1674)
  * Remove support for AS_PATHLIMIT (CVE-2010-1675)
  * Fix format string issue in vty_hello

 -- Florian Weimer <email address hidden>  Mon, 21 Mar 2011 06:21:32 +0100
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.20-1) unstable; urgency=low


  * New upstream release:
    "The primary focus of this release is a fix of SEGV regression in ospfd,
     which was introduced in 0.99.19. It also features a series of minor 
     improvements, including better RFC compliance in bgpd, better support
     of FreeBSD and some enhancements to isisd."
  * Fixes off-by-one bug (removed 20_ospf6_area_argv.dpatch). Closes: #519488

 -- Christian Hammers <email address hidden>  Fri, 30 Sep 2011 00:59:24 +0200
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.19-1) unstable; urgency=high


  * SECURITY:
    "This release provides security fixes, which address assorted
     vulnerabilities in bgpd, ospfd and ospf6d (CVE-2011-3323,
     CVE-2011-3324, CVE-2011-3325, CVE-2011-3326 and CVE-2011-3327)."
  * New upstream release.
  * Removed incorporated debian/patches/92_opaque_lsa_enable.dpatch.
  * Removed incorporated debian/patches/93_opaque_lsa_fix.dpatch.
  * Removed obsolete debian/README.Debian.Woody and README.Debian.MD5.

 -- Christian Hammers <email address hidden>  Tue, 27 Sep 2011 00:16:27 +0200
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.18-2) unstable; urgency=low

  * Removed 90_configure_ncurses.dpatch which does not have any visible
    effect to the control files dependencies nor to the ldd usr/bin/vtysh
    output anymore. The web site with the "checklib" tool that reported
    warnings for superfluous dependencies in 2006 cannot be found anymore.
  * Removed 10_doc__Makefiles__makeinfo-force.dpatch which was only for the
    'woody' release.
  * Added 94_gcc45_format.dpatch which contains the patches from #614459
  * Added sed snippet to debian/rules to remove dependencies from all .la
    files as requested in http://wiki.debian.org/ReleaseGoals/LAFileRemoval
  * Removed --enable-tcp-md5 from ./configure call as this option has been
    renamed to --enable-linux24-tcp-md5 and is thus no longer needed.
  * Bumped standards version to 3.9.2.

 -- Christian Hammers <email address hidden>  Wed, 27 Jul 2011 22:20:50 +0200
Superseded in squeeze-release
quagga (0.99.17-2+squeeze2) stable-security; urgency=high

  * Fix crash in Extended Communities handling (CVE-2010-1674)
  * Remove support for AS_PATHLIMIT (CVE-2010-1675)
  * Fix format string issue in vty_hello

 -- Florian Weimer <email address hidden>  Tue, 22 Feb 2011 14:18:42 +0100
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.18-1) unstable; urgency=low

  * SECURITY:
    "This release fixes 2 denial of services in bgpd, which can be remotely
    triggered by malformed AS-Pathlimit or Extended-Community attributes.
    These issues have been assigned CVE-2010-1674 and CVE-2010-1675.
    Support for AS-Pathlimit has been removed with this release."
  * Added Brazilian Portuguese debconf translation. Closes: #617735
  * Changed section for quagga-doc from "doc" to "net".
  * Added patch to fix FTBFS with latest GCC. Closes: #614459

 -- Christian Hammers <email address hidden>  Tue, 22 Mar 2011 23:13:34 +0100
Superseded in wheezy-release
Superseded in sid-release
quagga (0.99.17-4) unstable; urgency=low

  * Added comment to init script (thanks to Marc Haber). Closes: #599524

 -- Christian Hammers <email address hidden>  Thu, 13 Jan 2011 23:53:29 +0100
Superseded in lenny-release
quagga (0.99.10-1lenny3) stable-security; urgency=high

  * 99_segment_type_check: fix bgpd crash on invalid segment type
    (CVE-2010-2949)
  * 99_fix_confederation-1, 99_fix_confederation-2: fix confederations
    handling in bgpd, addressing a session reset issue
  * 99_route_refresh: tighten bounds checking in RR ORF msg reader
    (CVE-2010-2948)

 -- Florian Weimer <email address hidden>  Thu, 02 Sep 2010 21:04:48 +0200
Superseded in squeeze-release
Superseded in sid-release
quagga (0.99.17-2) unstable; urgency=low


  * Added Danish Debconf translation (thanks to Joe Dalton). Closes: #596259

 -- Christian Hammers <email address hidden>  Sat, 18 Sep 2010 12:20:07 +0200
Superseded in squeeze-release
Superseded in sid-release
quagga (0.99.17-1) unstable; urgency=high


  * SECURITY:
    "This release provides two important bugfixes, which address remote crash
    possibility in bgpd discovered by CROSS team.":
    1. Stack buffer overflow by processing certain Route-Refresh messages
       CVE-2010-2948
    2. DoS (crash) while processing certain BGP update AS path messages
       CVE-2010-2949
    Closes: #594262

 -- Christian Hammers <email address hidden>  Wed, 25 Aug 2010 00:52:48 +0200
Superseded in squeeze-release
Superseded in sid-release
quagga (0.99.16-1) unstable; urgency=low


  * New upstream release. Closes: #574527 
  * Added chrpath to debian/rules to fix rpath problems that lintian spotted.

 -- Christian Hammers <email address hidden>  Sun, 21 Mar 2010 17:05:40 +0100
Superseded in squeeze-release
Superseded in sid-release
quagga (0.99.15-1) unstable; urgency=low


  * New upstream release
    "This fixes some annoying little ospfd and ospf6d regressions, which made
    0.99.14 a bit of a problem release (...) This release still contains a 
    regression in the "no ip address ..." command, at least on Linux. 
    See bug #486, which contains a workaround patch. This release should be 
    considered a 1.0.0 release candidate. Please test this release as widely
    as possible."
  * Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst). 
    Closes: #517860
  * Added Russian Debconf translation (thanks to Yuri Kozlov).
    Closes: #539464
  * Removed so-version in build-dep to libreadline-dev on request of 
    Matthias Klose.
  * Added README.source with reference to dpatch as suggested by lintian.
  * Bumped standards version to 3.8.3.

 -- Christian Hammers <email address hidden>  Sun, 13 Sep 2009 18:12:06 +0200
Superseded in squeeze-release
Superseded in sid-release
quagga (0.99.14-1) unstable; urgency=low


  * New upstream release
    "This release contains a regression fix for ospf6d, various small fixes
    and some hopefully very significant bgpd stability fixes.
    This release should be considered a 1.0.0 release candidate. Please test
    this release as widely as possible."
  * Fixes bug with premature LSA aging in ospf6d. Closes: #535030
  * Fixes section number in zebra.8 manpage. Closes: #517860

 -- Christian Hammers <email address hidden>  Sat, 25 Jul 2009 00:40:38 +0200
Superseded in sid-release
quagga (0.99.13-2) unstable; urgency=low


  * Added Japanese Debconf translation (thanks to Hideki Yamane). 
    Closes: #510714 
  * When checking for obsoleted config options in preinst, print filename
    where it occurs (thanks to Michael Bussmann). Closes: #339489

 -- Christian Hammers <email address hidden>  Sun, 19 Jul 2009 17:13:23 +0200
Superseded in sid-release
Superseded in squeeze-release
quagga (0.99.13-1) unstable; urgency=low


  * New upstream release
    "This release is contains a number of small fixes, for potentially
    irritating issues, as well as small enhancements to vtysh and support
    for linking to PCRE (a much faster regex library)."
  * Added build-dep to gawk as configure required it for memtypes.awk
  * Replaced build-dep to gs-gpl with ghostscript as requested by lintian
  * Minor changes to copyright and control files to make lintian happy.

 -- Christian Hammers <email address hidden>  Wed, 24 Jun 2009 17:53:28 +0200
Superseded in lenny-release
quagga (0.99.10-1lenny2) stable-security; urgency=high


  * Apply patch from Chris Caputo to fix crash on certain AS4 BGP updates.

 -- Florian Weimer <email address hidden>  Mon, 04 May 2009 09:35:11 +0200
Superseded in squeeze-release
Superseded in sid-release
quagga (0.99.11-2) unstable; urgency=high


  * Apply patch from Chris Caputo to fix AS4 crash.
  * Fix FTBFS due to changed ImageMagick convert command, option -dither.

 -- Florian Weimer <email address hidden>  Mon, 04 May 2009 10:10:13 +0200
Superseded in lenny-release
quagga (0.99.10-1lenny1) testing-proposed-updates; urgency=low


  * Fixed bug that caused routes which were added externally, e.g. by 
    "ip route add", to be ignored by Quagga (thanks to Hannes Schulz).
    Closes: #495232

 -- Christian Hammers <email address hidden>  Sun, 04 Jan 2009 20:08:28 +0100
Superseded in squeeze-release
Superseded in sid-release
quagga (0.99.11-1) unstable; urgency=low


  * New upstream release
    "Most regressions in 0.99 over 0.98 are now believed to be fixed. This
    release should be considered a release-candidate for a new stable series."
    + bgpd: Preliminary UI and Linux-IPv4 support for TCP-MD5 merged
    + zebra: ignore dead routes in RIB update
    + [ospfd] Default route needs to be refreshed after neighbour state change
    + [zebra:netlink] Set proto/scope on all route update messages
  * Removed debian/patches/20_*bgp*md5*.dpatch due to upstream support.

 -- Christian Hammers <email address hidden>  Thu, 09 Oct 2008 22:56:38 +0200
Superseded in lenny-release
quagga (0.99.10-1) unstable; urgency=medium


  * New upstream release
    + bgpd: 4-Byte AS Number support
    + Sessions were incorrectly reset if a partial AS-Pathlimit attribute
      was received.
    + Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been 
      broken in the 0.99.9 release. Closes: #467656

 -- Christian Hammers <email address hidden>  Tue, 08 Jul 2008 23:32:42 +0200