Back to frr PTS page

Accepted frr 7.5.1-1.1+deb10u2 (source) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted frr 7.5.1-1.1+deb10u2 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 27 Apr 2024 17:50:22 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: frr_7.5.1-1.1+deb10u2_source.changes
Debian-source: frr
Debian-suite: oldoldstable
Debian-version: 7.5.1-1.1+deb10u2
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=cF/EdrHwKm0LJ8wIVuhn4fdRIH82zXI/ujlG9QExaQQ=; b=YmmF/TUFJib3ay3E4K+HHhNUYX 0QUycIIFWGqsmPcCjxxoK9lJbEmOi2t8gzPcTQnmxX3XSDC1BWyXDM7oheRx36p07s0WhibEZYVYs WmG62VJJrLBJp6aka6QhufUfaDXMDMNQBu6brVh7/Gmpclut2Zg5FQa6QsaGGkCqjh9p7ophNMd8e oJVyGuzdH4rP+DfWRP8cqQiT+O5THQLiEN8i40N8ks2JAcuVMoPMTpdvvI/vNxqNMFFJ1AQz1CNMA 0HK1oM98ZV9Umh2kkGBu2CC7fIquvVYObL+WnEAH+m1C+3g8ipM79gRmTrCpivk2Dt9/TlEOyu+Nh es68rcvg==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1s0mBq-009rig-TV@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Apr 2024 19:24:07 +0200
Source: frr
Architecture: source
Version: 7.5.1-1.1+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: David Lamparter <equinox-debian@diac24.net>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1008010 1016978 1055852
Changes:
 frr (7.5.1-1.1+deb10u2) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * d/clean: Remove generated files on rebuild.
   * Backport fixed for several vuffer overflow vulnerabilties:
     CVE-2022-26125, CVE-2022-26126, CVE-2022-26127 (Closes: #1008010)
     CVE-2022-26128, CVE-2022-26129
   * Enabling patching of the fuzz test vectors with quilt
     - Add patch to build system disabling handling the fuzz testvectors.
     - Introduce the fuzz testvectors as patch, as upstream shipped it only
       compressed and we need to patch it, otherwise the fix for CVE-2022-26125
       would break the tests.
   * CVE-2022-37035 - Racy use after free (Closes: #1016978)
   * CVE-2023-38406 - "flowspec overflow."
   * CVE-2023-38407 - Buffer overread (Closes: #1055852)
   * Backport fixes for several vulnerabilties:
     - DoS (crash) CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235
       (Also filed in #1055852), CVE-2024-31948 and
     - CVE-2024-31949 - DoS causing an infinite loop
Checksums-Sha1:
 6235d6f5bf8baf722de3888552fae11d24228167 2644 frr_7.5.1-1.1+deb10u2.dsc
 3c3a07fce8e8c4627d3897bf4e753aebfb8a4bd2 114540 frr_7.5.1-1.1+deb10u2.debian.tar.xz
 faa91469acecc5e3272e08c21106fdcc0b8424b6 11689 frr_7.5.1-1.1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 ec7ca293cb270940f118a97658e9afb2de4e2820b67b8461d6f519ccbee9eb28 2644 frr_7.5.1-1.1+deb10u2.dsc
 05267196197e0094e8f8fa1e00c4573c8fa3c59150f4d4af135342746765d79f 114540 frr_7.5.1-1.1+deb10u2.debian.tar.xz
 96d801d3d65e5039dd6584838e86bd280a21798783d5147b95025dbf8e44c75d 11689 frr_7.5.1-1.1+deb10u2_amd64.buildinfo
Files:
 8d7a7957c49edd703cb0abee87227f7d 2644 net optional frr_7.5.1-1.1+deb10u2.dsc
 27971459eb5d47684a3f7262adcd72a9 114540 net optional frr_7.5.1-1.1+deb10u2.debian.tar.xz
 461accef944d0dc6a9d1e2797ce1e8ae 11689 net optional frr_7.5.1-1.1+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmYtNh8ACgkQkWT6HRe9
XTZwCg/9HtGBjRu6WSZtaSTFOakm1rUdo8MHKffxTTvzLZChO2bwRP4NXD/8NB/g
kZQVHdgXwB9euK6OcyU3M0PRnU5LxyYikPndxFFZPW99L+AqPaMQmxyR8+ufwk/B
ILv2plY+HJyPmS8I+Hzt8SkRcfwWvGs3M6mzOjcAL6ye3LLzruM6R1w7Yv/zMm0L
ruvezszxa3bwihJP02/W5nHLNj74nkg4GaSuzPmWg/xS7H54aCgwiAAQDK9Nj7KB
DMy3Fbn5WL6hmnA1bkx8gT0u1Jkl2s/wkOHjtnp+wUNjtLwpNOa35KaB0/cUivjm
5XYT5FPZjUqkjvIQMmV6W93MLq4oC7puVr7/KQoYajE1p8ADFFkFWYMn0lgCE6pL
aO2lvyXQzCLUS3HktSA2Lxcct/VttZlQ2sobY8D+ZtLDTkJ+YMd+8c73msXvym6d
EPefuObbTnlbZRQefDRFHTYUAP3sBwFvcQ5hcpzy9VVQEzv7QUPCjmS0Z2V/+2fk
BqAOdeIvhud1F/7f3Q4Hq5SFYFRU1YFzN/7K7QUFaZSXW1YE1mR6Rx4eG2bGBBl5
m9brjyJthZeNeXKhqof5wyTrMG4jTsIS/AQIT8vTonTzoFGp4UIXJDZo3denxopE
KFzwzb0BNg+SZKLd9PIV7174NB7G26+6P+WuNI3TD5ULEuAM9rc=
=IQbK
-----END PGP SIGNATURE-----

Attachment: pgp6VOlESuPIW.pgp
Description: PGP signature