* Merge with Debian unstable (LP: #2018072). Remaining changes:
- Fix logging with Ubuntu's unprivileged rsyslog (LP #1958162):
+ d/frr.postinst: change log files ownership
+ d/frr.logrotate: change rotated log file ownership
* Dropped:
- SECURITY UPDATE: denial of service via bgp_capability_llgr()
+ debian/patches/CVE-2023-31489.patch: check 7 bytes for Long-lived Graceful-Restart capability in bgpd/bgp_open.c.
+ CVE-2023-31489
[Fixed upstream in 8.4.4]
- SECURITY UPDATE: denial of service via bgp_attr_psid_sub()
+ debian/patches/CVE-2023-31490.patch: ensure stream received has
enough data in bgpd/bgp_attr.c.
+ CVE-2023-31490
[Fixed upstream in version 8.4.4]
This bug was fixed in the package frr - 8.4.4-1ubuntu1
---------------
frr (8.4.4-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2018072). Remaining changes:
- Fix logging with Ubuntu's unprivileged rsyslog (LP #1958162):
+ d/frr.postinst: change log files ownership
+ d/frr.logrotate: change rotated log file ownership
* Dropped:
- SECURITY UPDATE: denial of service via bgp_capability_llgr()
+ debian/patches/CVE-2023-31489.patch: check 7 bytes for Long-lived
Graceful-Restart capability in bgpd/bgp_open.c.
+ CVE-2023-31489
[Fixed upstream in 8.4.4]
- SECURITY UPDATE: denial of service via bgp_attr_psid_sub()
+ debian/patches/CVE-2023-31490.patch: ensure stream received has
enough data in bgpd/bgp_attr.c.
+ CVE-2023-31490
[Fixed upstream in version 8.4.4]
-- Andreas Hasenack <email address hidden> Wed, 26 Jul 2023 17:43:05 -0300