-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 27 Oct 2013 23:38:09 +0100 Source: quagga Binary: quagga quagga-dbg quagga-doc Architecture: s390x Version: 0.99.21-4+wheezy2 Distribution: wheezy-security Urgency: high Maintainer: s390x Build Daemon (zemlinsky) Changed-By: Christian Hammers Description: quagga - BGP/OSPF/RIP routing daemon quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols) quagga-doc - documentation files for quagga Closes: 726724 Changes: quagga (0.99.21-4+wheezy2) stable-security; urgency=high . * Applied a patch that fixes the following security issue: "ospfd: CVE-2013-2236, stack overrun in apiserver . the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads to an exploitable stack overflow. . For this condition to occur, the following two conditions must be true: - Quagga is configured with --enable-opaque-lsa - ospfd is started with the "-a" command line option" Closes: #726724 Checksums-Sha1: 6568709cd98a6ad2983221531564c51aa7d1ec60 1819828 quagga_0.99.21-4+wheezy2_s390x.deb b604fbcb81f21baee58a6d6be494670dbc368860 1922590 quagga-dbg_0.99.21-4+wheezy2_s390x.deb Checksums-Sha256: a2a143a1899e3ea0c51bdf4f705ef75325d6499848b1bb60d6bcf9f4db69c486 1819828 quagga_0.99.21-4+wheezy2_s390x.deb 7ca0579a1fb96deb8482d27327a738060804cd8c3c76d8ff8cb23ac6fe7d1efa 1922590 quagga-dbg_0.99.21-4+wheezy2_s390x.deb Files: a8549b4ca1a957cbe6d1a2171d5db24a 1819828 net optional quagga_0.99.21-4+wheezy2_s390x.deb d38084e1fddf611cca80a5dc84975903 1922590 debug extra quagga-dbg_0.99.21-4+wheezy2_s390x.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJSgV8cAAoJEK/FFAVS3Ja4BJUQAMhX5EsJ5gyUv9tlK0kxF0jT 8z1EqW6AwQsoRiuzs+RpmlpTNPYbJWcxZfQSYBIUqJyOmxtqwbKvo21GTZy4Z1H6 Vmj0dAMMnnsE7hj5Z+y2dxf90vwQYJYZBZD9s7y21eXn2Bo5sAq+KIqWMAs33emW CpK2Ty3slaQbeABzxJHBpmLAN1LbFynhxTT+ejxeorPvSUfXVp8MrBMzXizxUciS t8cJ+XEEOpjoiNg3xzAjo5XAI9D5ofxpdcC12fERPdiSA/38z0g5sCOjjmkp0FJu LdBy/iNaBYObGPtmn1s9LQTx4HYzKhp2aAreRhUjP7hB/y3dEAvYHF/7hdTkAPjh oQCiId8NacRD+jaMrMVDNTuXHc+UzsKgf4nbQzOROwwyWcanoHwKqhZpgya5sAtz aApeUpNDK/S3Kpn0HuqLIOo0ChfO+Ae+EpGCxmSOS9dy3yAzjPWsMuy800hnpOfm GiXv1fSaI/dlfG22YYqQQgzodyodeRUdgWn1yD471QbRtUGHa0Fl7VK8FsPse+qn 8QY6z1Hfce7s+ACzHAqsTjhiqkmVyQyayYHRx2xI7XEOPE5WzxQfO/sHsZVKunVK dC08wkgwzprxzB83RnUMTpFZZbEmFUsAE1XpRWFhxt4gfej0ZE/PgdrXIyRrrKl5 usanj/xAaXtz8xPIm1Cw =MBJ6 -----END PGP SIGNATURE-----