Your message dated Tue, 03 Jan 2023 21:19:57 +0000
with message-id <e1pcohr-00guq9...@fasolo.debian.org>
and subject line Bug#1016978: fixed in frr 8.4.1-1
has caused the Debian Bug report #1016978,
regarding frr: CVE-2022-37035
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1016978: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016978
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for frr.

CVE-2022-37035[0]:
| An issue was discovered in bgpd in FRRouting (FRR) 8.3. In
| bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c,
| there is a possible use-after-free due to a race condition. This could
| lead to Remote Code Execution or Information Disclosure by sending
| crafted BGP packets. User interaction is not needed for exploitation.

https://github.com/FRRouting/frr/issues/11698

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-37035
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37035

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: frr
Source-Version: 8.4.1-1
Done: David Lamparter <equinox-deb...@diac24.net>

We believe that the bug you reported is fixed in the latest version of
frr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Lamparter <equinox-deb...@diac24.net> (supplier of updated frr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 02 Jan 2023 14:46:06 +0100
Source: frr
Architecture: source
Version: 8.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: David Lamparter <equinox-deb...@diac24.net>
Changed-By: David Lamparter <equinox-deb...@diac24.net>
Closes: 981139 1000032 1008010 1016978 1017518 1021016
Changes:
 frr (8.4.1-1) unstable; urgency=medium
 .
   * New upstream release FRR 8.4.1 (closes: #1017518)
   * New frr@ systemd service unit to run inside network namespace
   * egrep to grep -E
   * upstream fix ospfd crash (PR 8876) (closes: #981139)
   * upstream fix isisd parsing issues CVE-2022-26125, CVE-2022-26126 and
     babeld parsing issues CVE-2022-26127, CVE-2022-26128, CVE-2022-26129
     (closes: #1008010)
   * upstream fix bgpd out-of-bounds read CVE-2022-37032 (closes: #1021016)
   * upstream fix bgpd UAF CVE-2022-37035 (closes: #1016978)
   * libyang-related pcre3 dep replaced with pcre2 (closes: #1000032)
   * disable ELF magic on mips64el
   * fixed texinfo figure installation directory
   * enable dh_sphinxdoc to get rid of embedded javascript in frr-doc
   * removed bogus iproute dependency choice


--- End Message ---
