Accepted lldpd 1.0.3-1+deb10u2 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted lldpd 1.0.3-1+deb10u2 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 22 Sep 2023 16:40:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: lldpd_1.0.3-1+deb10u2_source.changes
- Debian-source: lldpd
- Debian-suite: oldoldstable
- Debian-version: 1.0.3-1+deb10u2
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=trsFFjblPDhtofAIFYTv6wRs6J2WTQ7zrhucKwVw1/g=; b=jkhmsgPV3yyLawwyyv+gjV7XmH KN7cRSmzMNfZep0Y3kCUZ007n/ld+Xk3ulJWjRSJdJ4OIGDY5XhufGZywr2tR4hKlvu3mcwFrVuoH +E8edonVHzViON67fASIHKQ1hPcmYfsfpu2DEEYOrI+Ev1VsZENZBxmFFoTDiHI55qbLhSMZwh61q G4Jbv56ToOIpGYpdABObxVqfXJU1RKWL20wEYs5APtyk4aeeV2b2ss9JE/p+G7KATm7cyc/oT+av0 UN+4u5YG2f9ybz2mAYOEACpj+ymwkLPWN8Mcns0NqLW0P6fSUs6WjrXdrUJ4YO1d83KXUiC0/2MX/ QBwrOKSQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qjjCW-007oaE-1o@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Sep 2023 18:29:07 CEST
Source: lldpd
Architecture: source
Version: 1.0.3-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Vincent Bernat <bernat@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
78f8ff87b4e2cf3c25a4268501c5af74c422bbe8 2245 lldpd_1.0.3-1+deb10u2.dsc
89d65bef13ce081e23fa95a2161bfcf124221a50 11944 lldpd_1.0.3-1+deb10u2.debian.tar.xz
c5ebd85db7afb7bc9b1df56c4eb51f54463cb852 7771 lldpd_1.0.3-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
5d5a9c7651319b9c63e4a6492172eaf77bab4f76c3993396225d66be3d1a5bd1 2245 lldpd_1.0.3-1+deb10u2.dsc
e9be2b4a15f61d4286fb423d54982c85e569f1c4cd9d29abd13309d7a5ca7624 11944 lldpd_1.0.3-1+deb10u2.debian.tar.xz
abb6a2f330609e5851e8bea4651ade75a8eec3916c8fe9471582afeeb6e960fe 7771 lldpd_1.0.3-1+deb10u2_amd64.buildinfo
Changes:
lldpd (1.0.3-1+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2023-41910:
Matteo Memelli discovered a flaw in lldp, an implementation of the IEEE
802.1ab protocol. By crafting a CDP PDU packet with specific
CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd
daemon to perform an out-of-bounds read on heap memory.
Files:
e1392ddeae075d36030cd4e406426689 2245 net optional lldpd_1.0.3-1+deb10u2.dsc
35cd64ea16c5c446a5489f8e4ae6bf8f 11944 net optional lldpd_1.0.3-1+deb10u2.debian.tar.xz
308449c916640ddcb6c6f639bd35493a 7771 net optional lldpd_1.0.3-1+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUNwUBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkfCkQALIVkbRRYczOC9KSkdvPUKhKoY2o5KJ2YYGm
CSYIKc/5G4ygcgAr0ZINP54OgY/Fj6mqH0UfwLmjYbJQ7aZrAUwczwF/0URx3tD0
2kQfn98I94c0reAN9VBS3sijLr/mhVlxRE0Rq9Q/4MXfmrTWgxQX63y4PGiYrZmZ
0y8Mv3OPqoR1rwd7mbgqvpfmnNXyaYBdqEUT2ODNp46N588ZIr4zFrhfR6sG2NTV
xtkqySYz2LmWi9g4fIGIxtCLAfX8wVQpWnV8PRBUwaYZf+0zahYEb09RR6yX+Pia
djEROazsOdMSrCfbWcfKlK+Tcm4G4OjedFzKSdz7UvRU0wprg91sn0Q7/DycE9G5
ix9lwQEz53BMzQSu1ActvKGcByifMR88sDTX3QEvn+7TNo9ZaLAtfmSRridtLbh9
a4UrFQEcpIv/q332BmxYutY/+KKld024JipXK7AmBGnwOlrnoKjEyBYPuU7fffUA
y23DfvrJWDsOVugeTQE9kS80IO25lxo7GIWPArm6ibmR4ZpxDfEgd1k5BRWEH6r2
iGrWthGz6rHhP3hqv6AY6tKvMSiEU9PpGSya29gOI682N4iCCTgV3xlqlwoyc0ed
AM7FLuTBq3XVKBaaZhgoF0UYYh/MJm03kOi2yzNxXOYbE0wXdQYJDPar7MFy+VeZ
nx1z0T/A
=0072
-----END PGP SIGNATURE-----