Package: quagga
Version: 0.99.16
Severity: grave
Tags: security
Justification: user security hole

The release notes of quagga 0.99.17 on
http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100
mention that:

  "This release provides two important bugfixes, which address remote
  crash possibility in bgpd discovered by CROSS team."

CVE IDs have already been requested by someone from RedHat on oss-security:
http://marc.info/?l=oss-security&m=128265627617285&w=2
but have not yet been granted.

Meanwhile I upload 0.99.17 to sid and ask if 0.99.10 (lenny) is affected and
if there's a 0.99.16 backport for the frozen squeeze.

bye,

-christian-

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages quagga depends on:
ii  adduser                 3.112          add and remove users and groups
ii  debconf [debconf-2.0]   1.5.35         Debian configuration management sy
ii  iproute                 20100519-3     networking and traffic control too
ii  libc6                   2.11.2-2       Embedded GNU C Library: Shared lib
ii  libcap2                 1:2.19-3       support for getting/setting POSIX.
ii  libpam0g                1.1.1-4        Pluggable Authentication Modules l
ii  libpcre3                8.02-1.1       Perl 5 Compatible Regular Expressi
ii  libreadline6            6.1-3          GNU readline and history libraries
ii  logrotate               3.7.8-6        Log rotation utility

quagga recommends no packages.

Versions of packages quagga suggests:
ii  snmpd                   5.4.3~dfsg-1   SNMP (Simple Network Management Pr