Your message dated Sun, 11 Sep 2016 22:23:03 +0000
with message-id <e1bjd9t-0001sy...@franck.debian.org>
and subject line Bug#822787: fixed in quagga 1.0.20160315-2
has caused the Debian Bug report #822787,
regarding quagga: CVE-2016-4049: Missing size check in bgp_dump_routes_func in 
bgpd/bgp_dump.c allowing DoS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
822787: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822787
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: quagga
Version: 0.99.23.1-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for quagga.

CVE-2016-4049[0]:
Missing size check in bgp_dump_routes_func in bgpd/bgp_dump.c allowing DoS

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4049
[1] https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
[2] https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: quagga
Source-Version: 1.0.20160315-2

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 822...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hugo Lefeuvre <h...@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Sep 2016 21:37:00 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 1.0.20160315-2
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Hugo Lefeuvre <h...@debian.org>
Description:
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 822787 835223
Changes:
 quagga (1.0.20160315-2) unstable; urgency=high
 .
   * QA upload.
   * Run wrap-and-sort.
   * debian/control:
     - Set QA group as maintainer, as Christian orphaned the package (see
       #837358).
     - Bump Standards-Version to 3.9.8.
   * SECURITY:
     - CVE-2016-4049: Missing size check in bgp_dump_routes_func in
       bgpd/bgp_dump.c allowing DoS (Closes: #822787).
     - CVE-2016-4036: World readable sensitive files in /etc/quagga
       (Closes: #835223).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
