Your message dated Sun, 28 Aug 2016 12:47:58 +0000
with message-id <e1bdzvg-0000uq...@franck.debian.org>
and subject line Bug#822787: fixed in quagga 0.99.23.1-1+deb8u2
has caused the Debian Bug report #822787,
regarding quagga: CVE-2016-4049: Missing size check in bgp_dump_routes_func in
bgpd/bgp_dump.c allowing DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
822787: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822787
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: quagga
Version: 0.99.23.1-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for quagga.
CVE-2016-4049[0]:
Missing size check in bgp_dump_routes_func in bgpd/bgp_dump.c allowing DoS
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4049
[1] https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
[2] https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 0.99.23.1-1+deb8u2
We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 822...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugo Lefeuvre <h...@debian.org> (supplier of updated quagga package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 22 Aug 2016 10:27:07 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.23.1-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Christian Hammers <c...@debian.org>
Changed-By: Hugo Lefeuvre <h...@debian.org>
Description:
 quagga - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 822787 835223
Changes:
 quagga (0.99.23.1-1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-4049: Missing size check in bgp_dump_routes_func in
     bgpd/bgp_dump.c allowing DoS (Closes: #822787).
   * CVE-2016-4036: World readable sensitive files in /etc/quagga
     (Closes: #835223).
--- End Message ---