Hello Quagga maintainers

Did you notice the following bug which was marked as security relevant? It was filed as #747 in your BTS.
It would be great if you could provide a patch that applies to 0.99.20.1 (for the current Debian stable distribution).

bye,

-christian-

Begin forwarded message:

Date: Tue, 13 Nov 2012 11:27:27 -0700
From: Kurt Seifried <kseifr...@redhat.com>
To: oss-secur...@lists.openwall.com
Cc: Jan Lieskovsky <jlies...@redhat.com>, "Steven M. Christey" <co...@linus.mitre.org>, Denis Ovsienko <infrastat...@yandex.ru>, Christian Hammers <c...@debian.org>, "Dmitry V. Levin" <l...@altlinux.org>, Paul Jakma <p...@jakma.org>, Florian Weimer <fwei...@redhat.com>, "Marco d'Itri" <m...@linux.it>
Subject: Re: [oss-security] CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)

On 11/13/2012 07:48 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> Marco d'Itri in Debian bug [1] has reported the following
> deficiency, being present in 0.99.21 and possibly earlier versions
> of the Quagga routing suite:
>
> A denial of service flaw was found in the way Quagga's ospf6d
> daemon performed routes removal. In certain circumstances when
> removing the route the ospf6d daemon terminated with assertion
> failure when trying to determine / find, which route to remove. An
> OSPF6 router could use this flaw to cause ospf6d on an adjacent
> router to abort.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=876197
>
> Upstream bug report:
> [3] https://bugzilla.quagga.net/show_bug.cgi?id=747
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2012-5521 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993