Your message dated Tue, 12 Sep 2023 17:17:28 +0000
with message-id <e1qg70y-00ef2k...@fasolo.debian.org>
and subject line Bug#1036062: fixed in frr 7.5.1-1.1+deb11u2
has caused the Debian Bug report #1036062,
regarding frr: CVE-2023-31490
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1036062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036062
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: frr
Version: 8.4.2-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FRRouting/frr/issues/13099
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for frr.
CVE-2023-31490[0]:
| An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to
| cause a denial of service via the bgp_attr_psid_sub() function.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-31490
https://www.cve.org/CVERecord?id=CVE-2023-31490
[1] https://github.com/FRRouting/frr/issues/13099
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: frr
Source-Version: 7.5.1-1.1+deb11u2
Done: Aron Xu <a...@debian.org>
We believe that the bug you reported is fixed in the latest version of
frr, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated frr package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Sep 2023 12:27:31 +0800
Source: frr
Architecture: source
Version: 7.5.1-1.1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: David Lamparter <equinox-deb...@diac24.net>
Changed-By: Aron Xu <a...@debian.org>
Closes: 1035829 1036062
Changes:
 frr (7.5.1-1.1+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2022-36440, CVE-2022-40302, CVE-2022-40318, CVE-2022-43681:
     Denial of service with maliciously constructed BGP OPEN packet
     (Closes: #1035829).
   * CVE-2023-31490: Denial of service caused by malformed SRv6 L3
     service attribute (Closes: #1036062).
   * CVE-2023-38802: Denial of service caused by corrupted
     Tunnel Encapsulation attribute.
   * CVE-2023-41358: Denial of service while processing NLRIs with
     zero length attribute.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---